

“ps aux” output on the webpage?


I am wondering, is this a safe way to put ps aux into an array and then display it on the web? Or what could be done to improve it?
Example:
<table width="900px" border="1">
    <tr>
        <td> PID </td>
        <td> CPU </td>
        <td> Mem </td>
        <td> Start </td>
        <td> Command</td>
    </tr>
    <?php
    exec("ps aux | grep -v grep | grep process.php", $psOutput);
    if (count($psOutput) > 0) {
        foreach ($psOutput as $ps) {
            $ps = preg_split('/ +/', $ps);
            $pid = $ps[1];
            $cpu = $ps[2];
            $mem = $ps[3];
            $time = $ps[8];
            $command = $ps[10] . " " . $ps[11];
            echo "<tr>";
            echo "<td>" . $pid . "</td>";
            echo "<td>" . $cpu . "</td>";
            echo "<td>" . $mem . "</td>";
            echo "<td>" . $time . "</td>";
            echo "<td>" . $command . "</td>";
            echo "</tr>";
        }
    }
    ?>
</table>
Nothing as far as I can tell. If this is the actual code and the command isn't created from user input, there is absolutely nothing wrong with this code, apart from the fact that <table width="900px"> is generally controlled by CSS, not HTML. But that's all the critique I can think of.
EDIT: Quentin makes a very valid point in that you should use htmlspecialchars before displaying in HTML.
Always use htmlspecialchars when displaying text in an HTML document. Someone might be using a < or & character as part of their command line.
ps aux will show any commands running on the system — including any where someone has included a password on the command line.
Not a security problem, but the deprecated HTML width attribute takes an integer that is optionally followed by a % character; it doesn't take a CSS length.
Also not a security problem, but you should use table heading elements for your table headings.
To improve it you could simplify your exec a bit.
ps can look for process names for you using the -C option.
And you could manually list the columns you want to read out using the -o option. That way you will always get predictable output even if the ps aux command changes or whatever.
ps -C php -o pcpu,args | grep process.php
Look at "Standard Format Specifiers" in the ps man page to get all the columns you want.
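The suggestions from the answers above (fixed columns via -C and -o, htmlspecialchars on every cell, real table headings) combined into one page, as an added example that is not code from the thread. It assumes the procps version of ps; the helper names parse_ps_line and render_rows and the sample lines are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumes procps `ps` and PHP 7.1+.

/** Parse one line of `ps -C php -o pid,pcpu,pmem,start_time,args`. */
function parse_ps_line(string $line): ?array
{
    // Limit 5: the command line may contain spaces, so it stays whole in the last field.
    $f = preg_split('/\s+/', trim($line), 5);
    if (count($f) < 5 || !preg_match('/^\d+$/', $f[0])) {
        return null; // header row or malformed line
    }
    // Like the question's code, keep only the first two words of the command
    // (binary + script) so later arguments, which may hold secrets, are not published.
    $command = implode(' ', array_slice(preg_split('/\s+/', $f[4]), 0, 2));
    return ['pid' => $f[0], 'cpu' => $f[1], 'mem' => $f[2], 'start' => $f[3], 'command' => $command];
}

/** Build escaped <tr> rows for processes whose command mentions $needle. */
function render_rows(array $lines, string $needle): string
{
    $html = '';
    foreach ($lines as $line) {
        $row = parse_ps_line($line);
        if ($row === null || strpos($row['command'], $needle) === false) {
            continue;
        }
        $cells = '';
        foreach ($row as $value) {
            $cells .= '<td>' . htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</td>';
        }
        $html .= "<tr>$cells</tr>\n";
    }
    return $html;
}

// Live use (fixed command string, no user input):
//   exec('ps -C php -o pid,pcpu,pmem,start_time,args', $lines);
// Constructed sample of that output so the example runs offline:
$lines = [
    '  PID %CPU %MEM START COMMAND',
    ' 4211  0.3  1.2 10:41 php process.php --label=<b>&x --token=s3cret',
    ' 4215  0.0  0.9 Mar02 php <i>process.php</i>',
    ' 4302  0.1  0.8 10:59 php other.php',
];

echo "<table border=\"1\">\n<tr><th>PID</th><th>CPU</th><th>Mem</th><th>Start</th><th>Command</th></tr>\n";
echo render_rows($lines, 'process.php');
echo "</table>\n";
```

The second sample row comes out as `php &lt;i&gt;process.php&lt;/i&gt;`, and the `--token` argument on the first row never reaches the page.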
