Skip to content

fix: Quote CL cmd in iCmd5250 for shell escaping #50

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Apr 28, 2020
Merged

Conversation

kadler
Copy link
Member

@kadler kadler commented Feb 21, 2020

iCmd5250 is just a fancy wrapper around iSh, using the PASE system
command. It did not do any shell escaping/quoting, so it basically only
allowed calling CL commands without parameters or with only positional
parameters because the parentheses would cause the shell to gack.

eg.
iCmd5250('wrkactjob', 'WRKACTJOB SBS(QBATCH)')

basically became

iSh('wrkactjob', '/QOpenSys/usr/bin/system WRKACTJOB SBS(QBATCH)')

When executed, an error would be given from the shell:

sh: syntax error at line 1 : `(' unexpected

The proper fix is to quote the string, but that can be tricky to get
right. Luckily, Python has shlex.quote to do the hard work for us.
https://docs.python.org/3/library/shlex.html#shlex.quote

Fixes #49

@kadler
Copy link
Member Author

kadler commented Feb 21, 2020

@ranga543 Can you please test this? I was able to verify with this script:

from itoolkit import *
from itoolkit.transport import DirectTransport

itransport = DirectTransport()
itool = iToolKit()
itool.add(iCmd('aspgroup_cmd', 'SETASPGRP ASPGRP(TEST)'))
itool.add(iCmd5250('dspjob', 'DSPJOB'))

itool.call(itransport)

print(itool.dict_out('aspgroup_cmd'))

for line in itool.dict_out('dspjob')['dspjob'].split('\n'):
    if 'ASP' not in line:
        continue

    print(line)

Note that you must use iCmd to run the SETASPGRP, since iCmd5250 executes in a separate process, so it changes that job, not the current job.

@ranga543
Copy link

@kadler I copied your code and tried it and that seems to be working.

@ranga543
Copy link

ranga543 commented Feb 21, 2020

@kadler Is there a way to capture error from iCmd5250 right now it's just throwing CPF ?

CPF9801: Object X in library X not found.
{u'aspgroup_cmd': {u'success': u'+++ success SETASPGRP ASPGRP(TEST)'}, u'dspjob': {}}

iCmd5250 is just a fancy wrapper around iSh, using the PASE system
command. It did not do any shell escaping/quoting, so it basically only
allowed calling CL commands without parameters or with only positional
parameters because the parentheses would cause the shell to gack.

eg.
iCmd5250('wrkactjob', 'WRKACTJOB SBS(QBATCH)')

basically became

iSh('wrkactjob', '/QOpenSys/usr/bin/system WRKACTJOB SBS(QBATCH)')

When executed, an error would be given from the shell:

sh: syntax error at line 1 : `(' unexpected

The proper fix is to quote the string, but that can be tricky to get
right. Luckily, Python has shlex.quote to do the hard work for us.
https://docs.python.org/3/library/shlex.html#shlex.quote

Fixes #49
@ranga543
Copy link

@kadler any ideas ?

@kadler
Copy link
Member Author

kadler commented Feb 25, 2020

I'm not sure exactly what you're asking for, but in general error handling in XMLSERVICE is an after thought and there's not much that itoolkit can do about it.

@kadler kadler requested a review from abmusse February 27, 2020 16:54
@kadler kadler merged commit 9d98acd into master Apr 28, 2020
@kadler kadler deleted the 5250_quote_shell branch April 28, 2020 20:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

iCmd5250 doesn't work properly for CL commands with parameters
2 participants