I want to allow users to create their own Python scripts that run on the server and give output to the users. Likely I'll be allowing users to use Selenium in their scripts, and to write to files in a specific folder. I'm new to Python however assume there are security risks. How would you suggest I protect the server from malicious user code? Below is the C# code I'm using at present to run Python.
public static string Run()
{
string fileName = #"C:\temp\text.py";
Process p = new Process();
p.StartInfo = new ProcessStartInfo(#"python", fileName)
{
RedirectStandardOutput = true,
UseShellExecute = false,
CreateNoWindow = true
};
p.Start();
string output = p.StandardOutput.ReadToEnd();
p.WaitForExit();
return output;
}
Related
I am writing a code to execute some commands against wsl, parsing and reading the returned value is important.
Project is a .net core console app 3.1
wsl2 is enabled on the system
for example, listing all the available wsl images on my local machine i am using a snippet found in an answer provided in another "kind of related" SO post.
using (var proc = new Process
{
StartInfo = new ProcessStartInfo
{
FileName = #"cmd.exe",
UseShellExecute = false,
RedirectStandardOutput = true,
RedirectStandardInput = true,
CreateNoWindow = true,
}
})
{
proc.Start();
proc.StandardInput.WriteLine("wsl --list");
System.Threading.Thread.Sleep(500);
proc.StandardInput.Flush();
proc.StandardInput.Close();
proc.WaitForExit(5000);
var c = proc.StandardOutput.ReadToEnd();
Console.WriteLine(c);
Console.ReadLine();
}
now the expected output should be
what i am getting is
if i inspect using breakpoint i get this in "var c"
Ideally i want to be able to have a list that contains the 2 dockers items inside C#, changing the wait time didn't help.
in the ProcessStartInfo you have to set
StandardOutputEncoding = Encoding.Unicode;
StandardErrorEncoding = Encoding.Unicode;
for direct call of wsl use additionally:
FileName = #"wsl.exe";
Arguments = #"-l -v";
How to start process and run command like this:
mysql -u root --password="some-password" < "some-file.sql"
Is it possible to do with process.Start()?
I need cross-platform solution (we cannot use cmd.exe).
Yes, this is possible through the System.Diagnostics.Process class. You need to set RedirectStandardInput to true, after which you can write the content of a file redirect the standard input of a process, and write the contents of the file to the Process.StandardInput (which is a StreamWriter)
This should get you started:
var process = new Process
{
StartInfo = new ProcessStartInfo
{
FileName = "mysql.exe", // assumes mysql.exe is in PATH
Arguments = "-u root --password=\"some-password\"",
RedirectStandardInput = true,
UseShellExecute = false
},
};
process.Start();
process.StandardInput.Write(File.ReadAllText("some-file.sql"));
Update: this is pretty well documented [here](
https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.processstartinfo.redirectstandardinput)
Mostly just as a curiosity, I wrote a little app to start up Terminator shell on Windows, using Ubuntu/WSL and Xming window server.
Doing things manually from the shell, I can run Firefox, gedit, Terminator, etc on Windows, it's pretty cool.
So I checked the location of bash.exe using where bash and it returned...
C:\Windows\System32\bash.exe
However when I tried to run this code...
using (var xminProc = new Process())
{
xminProc.StartInfo.FileName = #"C:\Program Files (x86)\Xming\Xming.exe";
xminProc.StartInfo.Arguments = ":0 -clipboard -multiwindow";
xminProc.StartInfo.CreateNoWindow = true;
xminProc.Start();
}
using (var bashProc = new Process())
{
bashProc.StartInfo.FileName = #"C:\Windows\System32\bash.exe";
bashProc.StartInfo.Arguments = "-c \"export DISPLAY=:0; terminator; \"";
bashProc.StartInfo.CreateNoWindow = true;
bashProc.Start();
}
I get the error...
System.ComponentModel.Win32Exception: 'The system cannot find the file specified'
And checking my entire system for bash.exe reveals it really be in another place altogether...
I'm not sure if this location is one that I can rely on, I'm worried it's ephemeral and can change during a Windows Store update, although I may be wrong about that.
Why does the command prompt show bash.exe to be in System32 but it's really in another location altogether?
Can I get C# to also use the System32 location?
As #Biswapriyo stated first set the platafrom to x64 on your solution:
Then you may run on your ubuntu machine from c# as:
Console.WriteLine("Enter command to execute on your Ubuntu GNU/Linux");
var commandToExecute = Console.ReadLine();
// if command is null use 'ifconfig' for demo purposes
if (string.IsNullOrWhiteSpace(commandToExecute))
{
commandToExecute = "ifconfig";
}
// Execute wsl command:
using (var proc = new Process
{
StartInfo = new ProcessStartInfo
{
FileName = #"cmd.exe",
UseShellExecute = false,
RedirectStandardOutput = true,
RedirectStandardInput = true,
CreateNoWindow = true,
}
})
{
proc.Start();
proc.StandardInput.WriteLine("wsl " + commandToExecute);
System.Threading.Thread.Sleep(500); // give some time for command to execute
proc.StandardInput.Flush();
proc.StandardInput.Close();
proc.WaitForExit(5000); // wait up to 5 seconds for command to execute
Console.WriteLine(proc.StandardOutput.ReadToEnd());
Console.ReadLine();
}
I want to change the physical path of an application running on my IIS 7 from another application that runs on my IIS . I tried to do this via appcmd.exe. However, this seems to be impossible due to lack of authorization from the asp.net application.
That is basically what I'm trying to do
private static string Execute(string IISAppName, string NewIISPath)
{
var winPath = Environment.GetFolderPath(Environment.SpecialFolder.Windows);
var appcmdPath = Path.Combine(winPath, "system32", "inetsrv/appcmd.exe");
var arg = "set app /app.name:\"" + IISAppName + "\" /[path='/'].physicalPath:" + NewIISPath;
ProcessStartInfo startInfo = new ProcessStartInfo(appcmdPath, arg)
{
WindowStyle = ProcessWindowStyle.Hidden,
RedirectStandardOutput = true,
UseShellExecute = false,
CreateNoWindow = true
};
Process process = Process.Start(startInfo);
var textResult = process.StandardOutput.ReadToEnd();
process.WaitForExit();
return textResult;
}
textResult is an empty string.
Any ideas?
The AppPool for the ASP.NET site would have to be configured to run as a user with admin privilege on the box to execute that script. In almost all cases, this is a bad idea for security reasons.
I'm trying to automate some operations in Mainframe. For that I made a C# program that connects to Mainframe using terminal emulator wc3270 and send keys to it.
This part works fine.
My problem is that I need to read the content displayed in terminal emulator screen so I can take better decisions about which keys I'll send to it.
How could I do it? I didn't find out any API that would let me do it.
Thanks.
I suggest using IBM personal communication tools:
http://www-03.ibm.com/software/products/en/pcomm
Together with the C# EHLLAPI wrapper, URL to example:
https://www.codeproject.com/Articles/9615/Using-EHLLAPI-in-C
To find out the session key for the emulator, you can use handle.exe from Windows Sysinternals
Code that im using for handle:
public String getSessionKey(String pid)
{
Process p = new Process();
p.StartInfo = new ProcessStartInfo()
{
UseShellExecute = false,
CreateNoWindow = true,
WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden,
FileName = "cmd.exe",
Arguments = "/C C:\\handle.exe -a -p " + pid,
RedirectStandardError = true,
RedirectStandardOutput = true
};
p.Start();
String str = (p.StandardOutput.ReadToEnd());
String[] arr = str.Split('\n');
foreach (String s in arr)
{
if (s.Contains("Owned"))
{
return s.Substring(s.Length - 3, 1);
}
}
return "";
}