 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Java Forum / General / January 2006calling other applications with java
Hi everyone, I am writing an IRC bot in java using the PircBot API. The main function of the bot is returning FreeBSD 'man'(manual) pages to a user that requests them. ie; the user on the channel would type; !man java The bot would call the onMessage function and check if the string is listed in an array of commands; String[] commands = {"!time","!man","!quit","!ect...."}; What I am having trouble working out is which object I should create to call the man command and then return output to the user who issued the command. I am reading through the documentation for java.io and see that there are classes that deal with; - InputStreams - OutputStreams - ByteStreams - DataStreams - ProcessingStreams From what I understand about FreeBSD/unix, a program is just another type of file, also the 'Student guide to unix -Harley Hahn' describes a file as; "In Unix the term file refers to any source of input or target of output, not only to a repository of data". Am I on the right track here? Or am I getting it wrong? thanks' caleb.  SignatureThere is no spoon. ps :- I have read; http://java.sun.com/docs/books/tutorial/essential/io/overview.html caleb SignatureThere is no spoon > What I am having trouble working out is which object I should create to > call the man command and then return output to the user who issued the > command. Use java.lang.Runtime.exec or java.lang.ProcessBuilder to run another program (/usr/bin/man in this case). However, you should be *extremely* careful when doing this sort of thing. I don't know the details of the command. However, I do know you can, from the command line, change the path the program looks for files. So potentially it a malicious IRC user could read other files on your system. Also any programming error in man, for instance buffer overflows, can now become security issues. A better approach is to read the man files yourself. The are probably gzipped and in the peculiar man format. Even then you need to be careful. A malicious user may, for instance use ../ in keyword names. Normalise the File object, and check it is still in the correct place. UNIX will stop reading filenames at a NUL character, so checking them becomes even more error-prone. Tom Hawtin SignatureUnemployed English Java programmer http://jroller.com/page/tackline/ > Use java.lang.Runtime.exec or java.lang.ProcessBuilder to run another > program (/usr/bin/man in this case). Hi Tom, Thankyou for the advice. I have had a look at the java.lang.* pages and am gratefull I have a direction to go in. I understand IRC is not a safe place, I plan in running the bot in a jail on a machine in a DMZ. I do not know much about jails' but am learning as I go. My motivation for adding commands to run programs such as 'man' is that IRC is a hostile environment. I have found that simple questions' can illicit insults and flaming, being called an idiot is common. If someone comes to a channel asking for *nix help and is a windows' user, the bot can provide help and introduce the user to man pages(yes, I know they are online). I plan on adding channel management features and other bells' and whistles. I am still learning as I go, it is alot of trial and error, but it's *FUN*. Thanks again, caleb SignatureThere is no spoon. > Thankyou for the advice. I have had a look at the java.lang.* > pages and am gratefull I have a direction to go in. I understand IRC is > not a safe place, I plan in running the bot in a jail on a machine in a > DMZ. I do not know much about jails' but am learning as I go. External security is no excuse for writing insecure software. It would be considerably better if you parse the user's command yourself, check to be sure it doesn't contain any command line options or excessively long Strings, and then build your own man command. You probably also want to set your TERM variable to something safe that will prevent escape sequences. I'm not sure I agree with Thomas's suggestion to read the man page yourself. Re-implementing nroff in Java doesn't sound like fun. Signaturewww.designacourse.com The Easiest Way To Train Anyone... Anywhere. Chris Smith - Lead Software Developer/Technical Trainer MindIQ Corporation > I'm not sure I agree with Thomas's suggestion to read the man page > yourself. Re-implementing nroff in Java doesn't sound like fun. You have an oddly restrictive notion of "fun" ;-) -- chris > I'm not sure I agree with Thomas's suggestion to read the man page > yourself. Re-implementing nroff in Java doesn't sound like fun. Isn't there an nroff reader for Java? No? Okay, run all the man pages through man2xyz, for some sensible xyz. Bung the results in a database and Bob is your mother's brother. Tom Hawtin SignatureUnemployed English Java programmer http://jroller.com/page/tackline/ Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.