calling other applications with java

[caleb]

Hi everyone,
I am writing an IRC bot in java using the PircBot API. The main
function of the bot is returning FreeBSD 'man'(manual) pages to a user
that requests them.

ie;

the user on the channel would type;

!man java

The bot would call the onMessage function and check if the string is
listed in an array of commands;

String[] commands = {"!time","!man","!quit","!ect...."};

What I am having trouble working out is which object I should create to
call the man command and then return output to the user who issued the
command.

I am reading through the documentation for java.io and see that there
are classes that deal with;

- InputStreams
- OutputStreams
- ByteStreams
- DataStreams
- ProcessingStreams

From what I understand about FreeBSD/unix, a program is just another
type of file, also the 'Student guide to unix -Harley Hahn' describes a
file as;

"In Unix the term file refers to any source of input or target of
output, not only to a repository of data".

Am I on the right track here? Or am I getting it wrong?

thanks'

caleb.

 

[caleb]

ps :- I have read;

http://java.sun.com/docs/books/tutorial/essential/io/overview.html

caleb

 

[Thomas Hawtin]

What I am having trouble working out is which object I should create to
call the man command and then return output to the user who issued the
command.

Use java.lang.Runtime.exec or java.lang.ProcessBuilder to run another
program (/usr/bin/man in this case).

However, you should be *extremely* careful when doing this sort of
thing. I don't know the details of the command. However, I do know you
can, from the command line, change the path the program looks for files.
So potentially it a malicious IRC user could read other files on your
system. Also any programming error in man, for instance buffer
overflows, can now become security issues.

A better approach is to read the man files yourself. The are probably
gzipped and in the peculiar man format. Even then you need to be
careful. A malicious user may, for instance use ../ in keyword names.
Normalise the File object, and check it is still in the correct place.
UNIX will stop reading filenames at a NUL character, so checking them
becomes even more error-prone.

Tom Hawtin

 

[caleb]

Use java.lang.Runtime.exec or java.lang.ProcessBuilder to run another
program (/usr/bin/man in this case).

Hi Tom,
Thankyou for the advice. I have had a look at the java.lang.*
pages and am gratefull I have a direction to go in. I understand IRC is
not a safe place, I plan in running the bot in a jail on a machine in a
DMZ. I do not know much about jails' but am learning as I go.

My motivation for adding commands to run programs such as 'man' is that
IRC is a hostile environment. I have found that simple questions' can
illicit insults and flaming, being called an idiot is common. If someone
comes to a channel asking for *nix help and is a windows' user, the bot
can provide help and introduce the user to man pages(yes, I know they
are online).

I plan on adding channel management features and other bells' and
whistles. I am still learning as I go, it is alot of trial and error,
but it's *FUN*.

Thanks again,

caleb

 

[Chris Smith]

Thankyou for the advice. I have had a look at the java.lang.*
pages and am gratefull I have a direction to go in. I understand IRC is
not a safe place, I plan in running the bot in a jail on a machine in a
DMZ. I do not know much about jails' but am learning as I go.

External security is no excuse for writing insecure software. It would
be considerably better if you parse the user's command yourself, check
to be sure it doesn't contain any command line options or excessively
long Strings, and then build your own man command. You probably also
want to set your TERM variable to something safe that will prevent
escape sequences.

I'm not sure I agree with Thomas's suggestion to read the man page
yourself. Re-implementing nroff in Java doesn't sound like fun.

--
www.designacourse.com
The Easiest Way To Train Anyone... Anywhere.

Chris Smith - Lead Software Developer/Technical Trainer
MindIQ Corporation

 

[Chris Uppal]

I'm not sure I agree with Thomas's suggestion to read the man page
yourself. Re-implementing nroff in Java doesn't sound like fun.

You have an oddly restrictive notion of "fun" ;-)

-- chris

 

[Thomas Hawtin]

I'm not sure I agree with Thomas's suggestion to read the man page
yourself. Re-implementing nroff in Java doesn't sound like fun.

Isn't there an nroff reader for Java?

No? Okay, run all the man pages through man2xyz, for some sensible xyz.
Bung the results in a database and Bob is your mother's brother.

Tom Hawtin