in reply to Re^3: Getting values with help of curl
in thread Getting values with help of curl

I can get the values in Postman as follows: management/api/v2/GetDeviceInfo?active=false. And since I'm new in the company and to programming, I got the task to write a script that does exactly the same but in Perl. As a hint I got the info that you can do it with the help of curl and $ARGV, and the code posted above can be shortened according to my coworker.

#Edit, got the solution, saving here for the future monks:

    my $content = system ("curl -s -k -u admin:pass https://url/management/api/v2/GetDeviceInfo?$ARGV[0]");

Upon typing perl test.pl active=true, prints every true value.

Re^5: Getting values with help of curl
by choroba (Cardinal) on Sep 01, 2022 at 14:18 UTC
    system doesn't return the content, it returns the exit code. Therefore, your variable name is confusing.

    map{substr$_->[0],$_->[1]||0,1}[\*||{},3],[[]],[ref qr-1,-,-1],[{}],[sub{}^*ARGV,3]
      Yes, I've changed it a bit, works also fine and looks a bit better:
      my $content = `curl --silent -k -u admin:pass https://url/api/v2/GetDeviceInfo?$ARGV[0]`;
        my $content = `curl --silent -k -u admin:pass https://url/api/v2/GetDeviceInfo?$ARGV[0]`;

        Instant shell injection vulnerability:

        # have your validated backup ready
        perl yourscript.pl ';rm -rf /'

        And if someone can also gain control over the API server, a nice way to export data:

        perl yourscript.pl ' --data-binary @/etc/passwd'

        In fact, no attack on the API server is needed, a simple DNS manipulation is sufficient. You wouldn't even notice that something is wrong when someone managed to manipulate the DNS and makes your script connect to the wrong server presenting a wrong certificate, because you explicitly switched off certificate verification (curl -k a.k.a. curl --insecure).

        And, as you were told in the first reply by Corion++, you don't need to shell out at all. Perl can do HTTPS just fine without external tools like curl.

        Alexander

        --
        Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
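
An added example, not code from any poster in this thread: the same request made from Perl without a shell, with certificate verification left on and the command-line argument checked against an allow-list, so neither argument shown in the reply above reaches a command line. The host name, the API_USER/API_PASS environment variables and the helper names are assumptions for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTTP::Tiny;                      # core module; HTTPS also needs IO::Socket::SSL
use MIME::Base64 qw(encode_base64);

# Assumptions (not from the thread): placeholder host, and credentials read
# from the environment instead of being hard-coded in the script.
my $BASE = 'https://api.example.invalid/management/api/v2/GetDeviceInfo';

# Accept only the query strings the script is meant to send. Anything else,
# including "';rm -rf /'" and " --data-binary @/etc/passwd", is rejected
# before a request is built. No shell is involved at any point.
sub validated_query {
    my ($arg) = @_;
    return unless defined $arg;
    return $arg =~ /\A(active=(?:true|false))\z/ ? $1 : undef;
}

sub fetch_device_info {
    my ($query, $user, $pass) = @_;
    my $http = HTTP::Tiny->new(
        verify_SSL => 1,             # opposite of curl -k: a bad certificate fails
        timeout    => 30,
    );
    my $res = $http->get("$BASE?$query", {
        headers => {
            Authorization => 'Basic ' . encode_base64("$user:$pass", ''),
        },
    });
    # Connection and TLS errors are reported by HTTP::Tiny as status 599.
    die "Request failed: $res->{status} $res->{reason}\n" unless $res->{success};
    return $res->{content};
}

my $query = validated_query($ARGV[0])
    or die "Usage: $0 active=true|active=false\n";
my ($user, $pass) = @ENV{qw(API_USER API_PASS)};
die "Set API_USER and API_PASS\n" unless defined $user && defined $pass;

print fetch_device_info($query, $user, $pass);
```

Run as perl test.pl active=true; any other argument stops at the usage message.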