Adam Stokes wrote:
Using shell=True is not a good idea as it could allow for problematic injections. I think it would be beneficial to use the python way of handling pipes
IMHO, Func is already an API that allows doing lots of nice things as
root so injections are not a huge concern. If you have access to Func
you can already install and run whatever code you like -- by design.
However if someone is surfacing Func in the web app, they should not
surface the shell=True version.
The problem of filtering injections is therefore the problem of the
owner of the webapp, just as it is with someone writing a SQL-using program.
----- Original Message -----
From: "Silas Sewell" <silas@xxxxxxxxx>
To: "Michael DeHaan" <mdehaan@xxxxxxxxxx>
Cc: func-list@xxxxxxxxxx
Sent: Monday, November 24, 2008 5:21:14 PM GMT -05:00 US/Canada Eastern
Subject: Re: func command module pipe problem
If you enable shell in the command module you can use pipes. I created a
simple module which does just that.
http://github.com/silas/func-modules/tree/master/command_plus.py
On Mon, Nov 24, 2008 at 2:57 PM, Michael DeHaan <mdehaan@xxxxxxxxxx> wrote:
Ozgur Akan wrote:
Hi,
I am trying to use func command module
https://fedorahosted.org/func/wiki/CommandModule
When I use pipe in the command it can not run the command.
func myserver.domain.com <http://myserver.domain.com> call command run
"ps -fe | grep root"
How can I override this problem?
thanks,
Ozgur Akan
------------------------------------------------------------------------
_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list
Subprocess does not do shell pipes, though it does /implement/ pipes.
What you want to do is use Func's process module and if neccessary add
modifications to allow you to filter the results, or write an API script
using Func that filters the results.
--Michael
_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list
_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list