Sanitize Json for sending with Curl

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
1
down vote

favorite












I have to send a POST request to some service with json payload, and it includes some user input. That input variable needs to be Json-encoded to prevent injection attacks.



Code example that sends requests and parses response json to RESP variable:



RESP=`curl --connect-timeout "10" -s -H "Content-Type: application/json" 
-X POST -d ' "Attribute": '"'$USERINPUT'" ',
$ENDPOINT | $JQ -r '.key'`


how to sanitize, or json encode $USERINPUT before creating json payload?










share|improve this question

















  • 2




    Use a real programming language with a proper JSON library, e.g. Python, Perl, Ruby, whatever.
    – choroba
    Aug 18 '16 at 15:59














up vote
1
down vote

favorite












I have to send a POST request to some service with json payload, and it includes some user input. That input variable needs to be Json-encoded to prevent injection attacks.



Code example that sends requests and parses response json to RESP variable:



RESP=`curl --connect-timeout "10" -s -H "Content-Type: application/json" 
-X POST -d ' "Attribute": '"'$USERINPUT'" ',
$ENDPOINT | $JQ -r '.key'`


how to sanitize, or json encode $USERINPUT before creating json payload?










share|improve this question

















  • 2




    Use a real programming language with a proper JSON library, e.g. Python, Perl, Ruby, whatever.
    – choroba
    Aug 18 '16 at 15:59












up vote
1
down vote

favorite









up vote
1
down vote

favorite











I have to send a POST request to some service with json payload, and it includes some user input. That input variable needs to be Json-encoded to prevent injection attacks.



Code example that sends requests and parses response json to RESP variable:



RESP=`curl --connect-timeout "10" -s -H "Content-Type: application/json" 
-X POST -d ' "Attribute": '"'$USERINPUT'" ',
$ENDPOINT | $JQ -r '.key'`


how to sanitize, or json encode $USERINPUT before creating json payload?










share|improve this question













I have to send a POST request to some service with json payload, and it includes some user input. That input variable needs to be Json-encoded to prevent injection attacks.



Code example that sends requests and parses response json to RESP variable:



RESP=`curl --connect-timeout "10" -s -H "Content-Type: application/json" 
-X POST -d ' "Attribute": '"'$USERINPUT'" ',
$ENDPOINT | $JQ -r '.key'`


how to sanitize, or json encode $USERINPUT before creating json payload?







bash curl json






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Aug 18 '16 at 15:43









Hrvoje Hudo

1063




1063







  • 2




    Use a real programming language with a proper JSON library, e.g. Python, Perl, Ruby, whatever.
    – choroba
    Aug 18 '16 at 15:59












  • 2




    Use a real programming language with a proper JSON library, e.g. Python, Perl, Ruby, whatever.
    – choroba
    Aug 18 '16 at 15:59







2




2




Use a real programming language with a proper JSON library, e.g. Python, Perl, Ruby, whatever.
– choroba
Aug 18 '16 at 15:59




Use a real programming language with a proper JSON library, e.g. Python, Perl, Ruby, whatever.
– choroba
Aug 18 '16 at 15:59










2 Answers
2






active

oldest

votes

















up vote
3
down vote













Using jq:



USERINPUT=$'a e""R<*&4nthello!''


This string has a couple of double quotes, an EOT character, a newline, a tab and a single quote, along with some ordinary text.



data="$( jq --null-input --compact-output --arg str "$USERINPUT" '"Attribute": $str' )"


This builds a JSON object containing the user data as the value for the lone Attribute field.



The same thing using short options:



data="$( jq -nc --arg str "$USERINPUT" '"Attribute": $str' )"


From this we get



"Attribute":"ae""R<*&u0004nthello!'"


as the value in $data.



This can now be used in your call to curl:



RESP="$( curl --connect-timeout "10" -s 
-H "Content-Type: application/json"
-X POST -d "$data"
"$ENDPOINT" | jq -r '.key' )"





share|improve this answer





























    up vote
    0
    down vote













    You can use the Python module json.tool from the command line to parse JSON:



    export USERINPUT="[1,2,3]"
    echo $USERINPUT| python -mjson.tool
    [
    1,
    2,
    3
    ]





    share|improve this answer




















      Your Answer







      StackExchange.ready(function()
      var channelOptions =
      tags: "".split(" "),
      id: "106"
      ;
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function()
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled)
      StackExchange.using("snippets", function()
      createEditor();
      );

      else
      createEditor();

      );

      function createEditor()
      StackExchange.prepareEditor(
      heartbeatType: 'answer',
      convertImagesToLinks: false,
      noModals: false,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      );



      );













       

      draft saved


      draft discarded


















      StackExchange.ready(
      function ()
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f304263%2fsanitize-json-for-sending-with-curl%23new-answer', 'question_page');

      );

      Post as a guest






























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes








      up vote
      3
      down vote













      Using jq:



      USERINPUT=$'a e""R<*&4nthello!''


      This string has a couple of double quotes, an EOT character, a newline, a tab and a single quote, along with some ordinary text.



      data="$( jq --null-input --compact-output --arg str "$USERINPUT" '"Attribute": $str' )"


      This builds a JSON object containing the user data as the value for the lone Attribute field.



      The same thing using short options:



      data="$( jq -nc --arg str "$USERINPUT" '"Attribute": $str' )"


      From this we get



      "Attribute":"ae""R<*&u0004nthello!'"


      as the value in $data.



      This can now be used in your call to curl:



      RESP="$( curl --connect-timeout "10" -s 
      -H "Content-Type: application/json"
      -X POST -d "$data"
      "$ENDPOINT" | jq -r '.key' )"





      share|improve this answer


























        up vote
        3
        down vote













        Using jq:



        USERINPUT=$'a e""R<*&4nthello!''


        This string has a couple of double quotes, an EOT character, a newline, a tab and a single quote, along with some ordinary text.



        data="$( jq --null-input --compact-output --arg str "$USERINPUT" '"Attribute": $str' )"


        This builds a JSON object containing the user data as the value for the lone Attribute field.



        The same thing using short options:



        data="$( jq -nc --arg str "$USERINPUT" '"Attribute": $str' )"


        From this we get



        "Attribute":"ae""R<*&u0004nthello!'"


        as the value in $data.



        This can now be used in your call to curl:



        RESP="$( curl --connect-timeout "10" -s 
        -H "Content-Type: application/json"
        -X POST -d "$data"
        "$ENDPOINT" | jq -r '.key' )"





        share|improve this answer
























          up vote
          3
          down vote










          up vote
          3
          down vote









          Using jq:



          USERINPUT=$'a e""R<*&4nthello!''


          This string has a couple of double quotes, an EOT character, a newline, a tab and a single quote, along with some ordinary text.



          data="$( jq --null-input --compact-output --arg str "$USERINPUT" '"Attribute": $str' )"


          This builds a JSON object containing the user data as the value for the lone Attribute field.



          The same thing using short options:



          data="$( jq -nc --arg str "$USERINPUT" '"Attribute": $str' )"


          From this we get



          "Attribute":"ae""R<*&u0004nthello!'"


          as the value in $data.



          This can now be used in your call to curl:



          RESP="$( curl --connect-timeout "10" -s 
          -H "Content-Type: application/json"
          -X POST -d "$data"
          "$ENDPOINT" | jq -r '.key' )"





          share|improve this answer














          Using jq:



          USERINPUT=$'a e""R<*&4nthello!''


          This string has a couple of double quotes, an EOT character, a newline, a tab and a single quote, along with some ordinary text.



          data="$( jq --null-input --compact-output --arg str "$USERINPUT" '"Attribute": $str' )"


          This builds a JSON object containing the user data as the value for the lone Attribute field.



          The same thing using short options:



          data="$( jq -nc --arg str "$USERINPUT" '"Attribute": $str' )"


          From this we get



          "Attribute":"ae""R<*&u0004nthello!'"


          as the value in $data.



          This can now be used in your call to curl:



          RESP="$( curl --connect-timeout "10" -s 
          -H "Content-Type: application/json"
          -X POST -d "$data"
          "$ENDPOINT" | jq -r '.key' )"






          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Sep 25 at 8:54

























          answered Jan 24 '17 at 22:45









          Kusalananda

          108k14209332




          108k14209332






















              up vote
              0
              down vote













              You can use the Python module json.tool from the command line to parse JSON:



              export USERINPUT="[1,2,3]"
              echo $USERINPUT| python -mjson.tool
              [
              1,
              2,
              3
              ]





              share|improve this answer
























                up vote
                0
                down vote













                You can use the Python module json.tool from the command line to parse JSON:



                export USERINPUT="[1,2,3]"
                echo $USERINPUT| python -mjson.tool
                [
                1,
                2,
                3
                ]





                share|improve this answer






















                  up vote
                  0
                  down vote










                  up vote
                  0
                  down vote









                  You can use the Python module json.tool from the command line to parse JSON:



                  export USERINPUT="[1,2,3]"
                  echo $USERINPUT| python -mjson.tool
                  [
                  1,
                  2,
                  3
                  ]





                  share|improve this answer












                  You can use the Python module json.tool from the command line to parse JSON:



                  export USERINPUT="[1,2,3]"
                  echo $USERINPUT| python -mjson.tool
                  [
                  1,
                  2,
                  3
                  ]






                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Oct 21 '16 at 21:53









                  velotron

                  1011




                  1011



























                       

                      draft saved


                      draft discarded















































                       


                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function ()
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f304263%2fsanitize-json-for-sending-with-curl%23new-answer', 'question_page');

                      );

                      Post as a guest













































































                      Popular posts from this blog

                      How to check contact read email or not when send email to Individual?

                      Displaying single band from multi-band raster using QGIS

                      How many registers does an x86_64 CPU actually have?