0
我试图用shell脚本进行松散通知。JSON和Shell脚本错误
JSON参数由变量形成,它们由MySql查询获得。
#!/bin/sh
#MySQL RO Access
host='mysqlserver.com'
userdb='slackro'
password='password'
db='db'
#Slack information
hook='https://hook.slack'
user='slackusr'
channel='o_channel'
emoji='slackusr'
#Query
id=`mysql -D $db -u $userdb -p$password -e 'SELECT id FROM ticket WHERE tn ='$1'' -h $host | sed -e '1d'`
tn=`mysql -D $db -u $userdb -p$password -e 'SELECT tn FROM ticket WHERE tn ='$1'' -h $host | sed -e '1d'`
title=`mysql -D $db -u $userdb -p$password -e 'SELECT title FROM ticket WHERE tn ='$1'' -h $host | sed -e '1d' | sed "s/'/ /g" | sed "s/°//g" | sed "s/ /_/g" `
customer=`mysql -D $db -u $userdb -p$password -e 'SELECT customer_id FROM ticket WHERE tn ='$1'' -h $host | sed -e '1d'`
msj=`mysql -D $db -u $userdb -p$password -e 'SELECT a_body FROM article WHERE ticket_id ='$id' ORDER BY id DESC LIMIT 1' -h $host | sed -e '1d'`
url='http://iiabox.infra.ultra.sur.top/otrs/index.pl?Action=AgentTicketZoom;TicketID'$1
#Message
curl -X POST -H 'Content-type: application/json' --data '{"username": "slackusr","icon_emoji": ":slackusr:","attachments": [{"fallback": "New Ticket","pretext": "New ticket from '$customer'","title": "'$title'","title_link": "'$url'","text": "'$msj'","color": "#006495"}]}' $hook
当我执行这个脚本我得到类似的东西
卷曲-X POST -H '内容类型:应用程序/ JSON' --data“{ “用户名”: “OTRS”,” icon_emoji“:”:slackusr:“,”附件“:[{”fallback“:”新票“,”借口“:”从[email protected]发出的新票“,”标题“:”Prueba'deNotificación' 6“,”title_link“:”http://site/otrs/index.pl?Action=AgentTicketZoom;TicketID2016110472000067“,”text“:”Cerrado“,”color“:”#006495“}]}'https://hooks.slack.com/ curl:(6)Could not resolve host:de curl:(6 )无法解析主机:xn - notificacin-zeb curl :(3)[通配符]无与伦比靠近支架/列152
托架我不理解为什么变量$标题的结果表明,“Prueba‘去Notificación’6"
如果我打印$标题变量与我得到的回声:“Prueba deNotificación6”没有简单的引号在第一个空格之前和最后一个空格之后。
我该怎么办?
此代码存在严重的影响安全性的错误。如果有人给出票号为'1'或'1'=='1',或票号为'',你认为会发生什么? DROP TABLE ticket; --'? –
至于安全形成JSON,而不是字符串连接(它使你负责正确的引用),使用一个工具,如理解语法的'jq'。 –
...以及壳侧的其他错误,请参阅http://shellcheck.net/ –