Sanitize Json for sending with Curl
Clash Royale CLAN TAG#URR8PPP
up vote
1
down vote
favorite
I have to send a POST request to some service with json payload, and it includes some user input. That input variable needs to be Json-encoded to prevent injection attacks.
Code example that sends requests and parses response json to RESP variable:
RESP=`curl --connect-timeout "10" -s -H "Content-Type: application/json"
-X POST -d ' "Attribute": '"'$USERINPUT'" ',
$ENDPOINT | $JQ -r '.key'`
how to sanitize, or json encode $USERINPUT before creating json payload?
bash curl json
asked Aug 18 '16 at 15:43
Hrvoje Hudo
1063
add a comment |Â
up vote
1
down vote
favorite
I have to send a POST request to some service with json payload, and it includes some user input. That input variable needs to be Json-encoded to prevent injection attacks.
Code example that sends requests and parses response json to RESP variable:
RESP=`curl --connect-timeout "10" -s -H "Content-Type: application/json"
-X POST -d ' "Attribute": '"'$USERINPUT'" ',
$ENDPOINT | $JQ -r '.key'`
how to sanitize, or json encode $USERINPUT before creating json payload?
bash curl json
asked Aug 18 '16 at 15:43
Hrvoje Hudo
1063
2
Use a real programming language with a proper JSON library, e.g. Python, Perl, Ruby, whatever.
– choroba
Aug 18 '16 at 15:59
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I have to send a POST request to some service with json payload, and it includes some user input. That input variable needs to be Json-encoded to prevent injection attacks.
Code example that sends requests and parses response json to RESP variable:
RESP=`curl --connect-timeout "10" -s -H "Content-Type: application/json"
-X POST -d ' "Attribute": '"'$USERINPUT'" ',
$ENDPOINT | $JQ -r '.key'`
how to sanitize, or json encode $USERINPUT before creating json payload?
bash curl json
asked Aug 18 '16 at 15:43
Hrvoje Hudo
1063
I have to send a POST request to some service with json payload, and it includes some user input. That input variable needs to be Json-encoded to prevent injection attacks.
Code example that sends requests and parses response json to RESP variable:
RESP=`curl --connect-timeout "10" -s -H "Content-Type: application/json"
-X POST -d ' "Attribute": '"'$USERINPUT'" ',
$ENDPOINT | $JQ -r '.key'`
how to sanitize, or json encode $USERINPUT before creating json payload?
bash curl json
bash curl json
asked Aug 18 '16 at 15:43
Hrvoje Hudo
1063
asked Aug 18 '16 at 15:43
Hrvoje Hudo
1063
asked Aug 18 '16 at 15:43
Hrvoje Hudo
1063
asked Aug 18 '16 at 15:43
Hrvoje Hudo
1063
asked Aug 18 '16 at 15:43
Hrvoje Hudo
1063
1063
2
Use a real programming language with a proper JSON library, e.g. Python, Perl, Ruby, whatever.
– choroba
Aug 18 '16 at 15:59
add a comment |Â
2
Use a real programming language with a proper JSON library, e.g. Python, Perl, Ruby, whatever.
– choroba
Aug 18 '16 at 15:59
2
2
Use a real programming language with a proper JSON library, e.g. Python, Perl, Ruby, whatever.
– choroba
Aug 18 '16 at 15:59
Use a real programming language with a proper JSON library, e.g. Python, Perl, Ruby, whatever.
– choroba
Aug 18 '16 at 15:59
add a comment |Â
2 Answers
2
active
oldest
votes
up vote
3
down vote
Using jq:
USERINPUT=$'a e""R<*&4nthello!''
This string has a couple of double quotes, an EOT character, a newline, a tab and a single quote, along with some ordinary text.
data="$( jq --null-input --compact-output --arg str "$USERINPUT" '"Attribute": $str' )"
This builds a JSON object containing the user data as the value for the lone Attribute field.
The same thing using short options:
data="$( jq -nc --arg str "$USERINPUT" '"Attribute": $str' )"
From this we get
"Attribute":"ae""R<*&u0004nthello!'"
as the value in $data.
This can now be used in your call to curl:
RESP="$( curl --connect-timeout "10" -s
-H "Content-Type: application/json"
-X POST -d "$data"
"$ENDPOINT" | jq -r '.key' )"
answered Jan 24 '17 at 22:45
Kusalananda
108k14209332
add a comment |Â
up vote
0
down vote
You can use the Python module json.tool from the command line to parse JSON:
export USERINPUT="[1,2,3]"
echo $USERINPUT| python -mjson.tool
[
1,
2,
3
]
answered Oct 21 '16 at 21:53
velotron
1011
add a comment |Â
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
3
down vote
Using jq:
USERINPUT=$'a e""R<*&4nthello!''
This string has a couple of double quotes, an EOT character, a newline, a tab and a single quote, along with some ordinary text.
data="$( jq --null-input --compact-output --arg str "$USERINPUT" '"Attribute": $str' )"
This builds a JSON object containing the user data as the value for the lone Attribute field.
The same thing using short options:
data="$( jq -nc --arg str "$USERINPUT" '"Attribute": $str' )"
From this we get
"Attribute":"ae""R<*&u0004nthello!'"
as the value in $data.
This can now be used in your call to curl:
RESP="$( curl --connect-timeout "10" -s
-H "Content-Type: application/json"
-X POST -d "$data"
"$ENDPOINT" | jq -r '.key' )"
answered Jan 24 '17 at 22:45
Kusalananda
108k14209332
add a comment |Â
up vote
3
down vote
Using jq:
USERINPUT=$'a e""R<*&4nthello!''
This string has a couple of double quotes, an EOT character, a newline, a tab and a single quote, along with some ordinary text.
data="$( jq --null-input --compact-output --arg str "$USERINPUT" '"Attribute": $str' )"
This builds a JSON object containing the user data as the value for the lone Attribute field.
The same thing using short options:
data="$( jq -nc --arg str "$USERINPUT" '"Attribute": $str' )"
From this we get
"Attribute":"ae""R<*&u0004nthello!'"
as the value in $data.
This can now be used in your call to curl:
RESP="$( curl --connect-timeout "10" -s
-H "Content-Type: application/json"
-X POST -d "$data"
"$ENDPOINT" | jq -r '.key' )"
answered Jan 24 '17 at 22:45
Kusalananda
108k14209332
add a comment |Â
up vote
3
down vote
up vote
3
down vote
Using jq:
USERINPUT=$'a e""R<*&4nthello!''
This string has a couple of double quotes, an EOT character, a newline, a tab and a single quote, along with some ordinary text.
data="$( jq --null-input --compact-output --arg str "$USERINPUT" '"Attribute": $str' )"
This builds a JSON object containing the user data as the value for the lone Attribute field.
The same thing using short options:
data="$( jq -nc --arg str "$USERINPUT" '"Attribute": $str' )"
From this we get
"Attribute":"ae""R<*&u0004nthello!'"
as the value in $data.
This can now be used in your call to curl:
RESP="$( curl --connect-timeout "10" -s
-H "Content-Type: application/json"
-X POST -d "$data"
"$ENDPOINT" | jq -r '.key' )"
answered Jan 24 '17 at 22:45
Kusalananda
108k14209332
Using jq:
USERINPUT=$'a e""R<*&4nthello!''
This string has a couple of double quotes, an EOT character, a newline, a tab and a single quote, along with some ordinary text.
data="$( jq --null-input --compact-output --arg str "$USERINPUT" '"Attribute": $str' )"
This builds a JSON object containing the user data as the value for the lone Attribute field.
The same thing using short options:
data="$( jq -nc --arg str "$USERINPUT" '"Attribute": $str' )"
From this we get
"Attribute":"ae""R<*&u0004nthello!'"
as the value in $data.
This can now be used in your call to curl:
RESP="$( curl --connect-timeout "10" -s
-H "Content-Type: application/json"
-X POST -d "$data"
"$ENDPOINT" | jq -r '.key' )"
answered Jan 24 '17 at 22:45
Kusalananda
108k14209332
edited Sep 25 at 8:54
answered Jan 24 '17 at 22:45
Kusalananda
108k14209332
answered Jan 24 '17 at 22:45
Kusalananda
108k14209332
answered Jan 24 '17 at 22:45
Kusalananda
108k14209332
108k14209332
add a comment |Â
add a comment |Â
up vote
0
down vote
You can use the Python module json.tool from the command line to parse JSON:
export USERINPUT="[1,2,3]"
echo $USERINPUT| python -mjson.tool
[
1,
2,
3
]
answered Oct 21 '16 at 21:53
velotron
1011
add a comment |Â
up vote
0
down vote
You can use the Python module json.tool from the command line to parse JSON:
export USERINPUT="[1,2,3]"
echo $USERINPUT| python -mjson.tool
[
1,
2,
3
]
answered Oct 21 '16 at 21:53
velotron
1011
add a comment |Â
up vote
0
down vote
up vote
0
down vote
You can use the Python module json.tool from the command line to parse JSON:
export USERINPUT="[1,2,3]"
echo $USERINPUT| python -mjson.tool
[
1,
2,
3
]
answered Oct 21 '16 at 21:53
velotron
1011
You can use the Python module json.tool from the command line to parse JSON:
export USERINPUT="[1,2,3]"
echo $USERINPUT| python -mjson.tool
[
1,
2,
3
]
answered Oct 21 '16 at 21:53
velotron
1011
answered Oct 21 '16 at 21:53
velotron
1011
answered Oct 21 '16 at 21:53
velotron
1011
answered Oct 21 '16 at 21:53
velotron
1011
1011
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f304263%2fsanitize-json-for-sending-with-curl%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
2
Use a real programming language with a proper JSON library, e.g. Python, Perl, Ruby, whatever.
– choroba
Aug 18 '16 at 15:59