I have a webservice that will take some input from authenticated machines as XML (this is for a network management system that I am integrating with some other software) and execute a shell script with some of the XML data as arguments.
In Java(/Linux), what is the best way to escape shell commands to ensure someone cannot pass malicious arguments to my webservice?
Basically, in an extremely simplified example, I'm taking some input in via WS:
<foo>
<bar>ABCDEF</bar>
</foo>
then running somescript.pl <<data in <bar> field>> here
I need to ensure that this cannot be used to execute arbitrary shell commands, etc.
Thanks!
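
An added example, not part of the original post: one way to handle the scenario above is to skip shell escaping altogether, validate the <bar> value against an allowlist, and start the script with an argument vector so no shell ever parses the data. The script path, the allowlist pattern and the class and method names are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.regex.Pattern;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.NodeList;

public class SafeScriptRunner {
    // Assumed policy: <bar> is a short alphanumeric token (adjust to the real format).
    private static final Pattern ALLOWED = Pattern.compile("[A-Za-z0-9]{1,64}");
    // Hypothetical absolute path to the script named in the question.
    private static final String SCRIPT = "/opt/nms/somescript.pl";

    /** Extracts the single <bar> value; DOCTYPEs are refused to rule out XXE. */
    static String extractBar(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList bars = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .getElementsByTagName("bar");
        if (bars.getLength() != 1) throw new IllegalArgumentException("expected one <bar>");
        return bars.item(0).getTextContent();
    }

    /** Builds the argument vector, rejecting anything outside the allowlist. */
    static List<String> buildCommand(String bar) {
        if (!ALLOWED.matcher(bar).matches())
            throw new IllegalArgumentException("rejected <bar> value");
        return List.of(SCRIPT, bar); // one argv entry per element, no shell involved
    }

    /** Runs the script directly (no "sh -c"), so metacharacters are never parsed. */
    static int run(List<String> argv) throws Exception {
        return new ProcessBuilder(argv).inheritIO().start().waitFor();
    }

    public static void main(String[] args) throws Exception {
        String[] samples = {                       // constructed sample requests
            "<foo><bar>ABCDEF</bar></foo>",
            "<foo><bar>ABCDEF; echo injected</bar></foo>" };
        for (String xml : samples) {
            try {
                List<String> argv = buildCommand(extractBar(xml));
                System.out.println("argv = " + argv);
                if (new File(SCRIPT).canExecute()) run(argv);
            } catch (IllegalArgumentException e) {
                System.out.println(e.getMessage());
            }
        }
    }
}
```

The allowlist also excludes a leading "-", so the value cannot be read as an option by the script. The script itself still has to avoid handing its argument to a shell, for example through a single-string system() call or a two-argument open() in Perl.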