Skip to content

Instantly share code, notes, and snippets.

@nbqx
Created January 24, 2012 06:19
Show Gist options
  • Save nbqx/1668323 to your computer and use it in GitHub Desktop.
Save nbqx/1668323 to your computer and use it in GitHub Desktop.
hubot script test - exec any command
# hubot-scripts test
# usage:
# hubot cmd ls -la
#
fs = require('fs')
spawn = require('child_process').spawn
module.exports = (robot) ->
robot.respond /(cmd) (.*) (.*)/i, (msg) ->
cmd = msg.match[2]
arg = msg.match[3]
doing = spawn cmd, arg.split ' '
doing.stdout.on 'data', (data) ->
msg.send data
@charlestolley
Copy link

Using "(.*) (.*)" is a really sloppy way of handling arguments. A "." will match ANYTHING except a newline. This will mean that if there is more than one space, it will still match the entire string, and therefore will probably assign arguments in an unexpected way. Security concerns aside (I assume that you aren't worried if you're making a script to execute any command) it would make a lot more sense to use "\S*" (note the uppercase 'S') to match any non-whitespace character, or to simply use a single "(.*)" and break up the arguments elsewhere in the code.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment