From 38465cb9931f6328190b3d3d58eb12234fa69736 Mon Sep 17 00:00:00 2001 From: openHAB Build Server Date: Wed, 19 Feb 2020 19:52:57 +0000 Subject: [PATCH] Updated external 2.5.x content (Jenkins build 457) --- _addons_bindings/exec/readme.md | 13 ++++++++++--- _addons_transformations/exec/readme.md | 14 +++++++++++++- 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/_addons_bindings/exec/readme.md b/_addons_bindings/exec/readme.md index 1dc64daa7..bc30abbd7 100644 --- a/_addons_bindings/exec/readme.md +++ b/_addons_bindings/exec/readme.md @@ -22,8 +22,17 @@ Currently, the binding supports a single type of Thing, being the `command` Thin ## Binding Configuration -The binding does not require any specific configuration. +For security reasons all commands need to be whitelisted. +Allowed commands need to be added to the `misc/exec.whitelist` file in the configuration directory. +Every command needs to be on a separate line. +Example: + +```shell +/bin/echo "Hello world!" +/usr/local/bin/apcaccess status +php ./configurations/scripts/script.php %2$s +``` **Linux:** Note that the commands are executed in the context and with the privileges of the process running the Java Virtual Machine. @@ -41,7 +50,6 @@ It is not advised to run the virtual machine as superuser/root. The "command" Thing requires the command to execute on the shell. Optionally one can specify: - - `transform` - A [transformation](https://www.openhab.org/docs/configuration/transformations.html) to apply on the execution result string. - `interval` - An interval, in seconds, the command will be repeatedly executed. Default is 60 seconds, set to 0 to avoid automatic repetition. - `timeout` - A time-out, in seconds, the execution of the command will time out, and lastly, @@ -53,7 +61,6 @@ For each shell command, a separate Thing has to be defined. Thing exec:command:uniquename [command="/command/to/execute here", interval=15, timeout=5, autorun=false] ``` - The `command` itself can be enhanced using the well known syntax of the [Java formatter class syntax](https://docs.oracle.com/javase/8/docs/api/java/util/Formatter.html#syntax). The following parameters are automatically added: diff --git a/_addons_transformations/exec/readme.md b/_addons_transformations/exec/readme.md index 63346aeaa..5bc534356 100644 --- a/_addons_transformations/exec/readme.md +++ b/_addons_transformations/exec/readme.md @@ -21,6 +21,18 @@ In the given command line the placeholder `%s` is substituted with the input val The external program must either be in the executable search path of the server process, or an absolute path has to be used. +For security reasons all commands need to be whitelisted. +Allowed commands need to be added to the `misc/exec.whitelist` file in the configuration directory. +Every command needs to be on a separate line. + +Example: + +```shell +/bin/date -v1d -v+1m -v-1d -v-%s +numfmt --to=iec-i --suffix=B --padding=7 %s + +``` + ## Examples ### General Setup @@ -65,7 +77,7 @@ Or replace it with numfmt --to=iec-i --suffix=B --padding=7 %s ``` -When the input argument for `%s` is 1234567 it will return the bytes formated in a better readable form +When the input argument for `%s` is 1234567 it will return the bytes formatted in a better readable form ```shell 1.2MiB