Viktor Dukhovni:
>
> > On Dec 2, 2016, at 1:30 AM, @lbutlr <krem...@kreme.com> wrote:
> >
> > I have a bash script that does it, and when a user wants this, I simply set
> > up a crontab for them. Usually after a week or so they want it turned off.
> > The script sends them a lightly styled HTML table in the email.
> >
> > The heart of the script is:
> >
> > if [ "$REJECT" = 1 ]; then
> >   echo '<tr><th> </th><th>IP address</th><th>Claimed address</th></tr>'
> >   bzgrep "$MATCHPAT" $LOGF | grep -i reject | egrep 'from=<[^>]+>' | grep -v "Protocol error" | \
> >     grep -v "$EXCLUDE" | sort -u | sed 's/from=<//' | tr -d '>,[]:' | grep -v rejected | \
> >     awk '{print "<tr><td class=\"rej\">REJECTED</td><td class=\"right\">"$16"</td><td>"$20"</td></tr>"}'
> > fi
>
> Careful with that. Too easy to create a script injection vector.
> Bash is not a good language in which to construct safely quoted
> remote content for injection into a suitable HTML skeleton.

In the AWK script, ``gsub(/[<>"]/, "_"); print...'' might do the job.

	Wietse
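
An added example (not part of the thread, and not code from either poster) of neutralizing log-derived text inside the AWK step before it reaches the HTML table. It entity-encodes the characters instead of replacing them with "_", and locates the fields by pattern rather than by $16/$20; the function names and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample log lines (not real traffic). The second envelope
# sender carries markup that must not reach the HTML report unescaped.
sample_log() {
    cat <<'EOF'
Dec  2 01:30:01 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <user@example.org>: Relay access denied; from=<alice@example.net> to=<user@example.org> proto=ESMTP helo=<host.example.net>
Dec  2 01:30:02 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 554 5.7.1 <user@example.org>: Relay access denied; from=<"<i>x</i>&'"@example.net> to=<user@example.org> proto=ESMTP helo=<host.example.net>
Dec  2 01:30:03 mx postfix/smtpd[1234]: connect from unknown[192.0.2.12]
EOF
}

# Reads Postfix log lines on stdin and prints one HTML table row per reject,
# with every log-derived value entity-encoded.
reject_rows() {
    awk -v apos="'" '
    # Encode the five HTML-significant characters; "&" has to be handled first
    # so the entities produced by the later substitutions are not re-encoded.
    function esc(s) {
        gsub(/&/, "\\&amp;", s)
        gsub(/</, "\\&lt;", s)
        gsub(/>/, "\\&gt;", s)
        gsub(/"/, "\\&quot;", s)
        gsub(apos, "\\&#39;", s)
        return s
    }
    / reject: / && match($0, / from=<[^ ]*> /) {
        # Strip the leading " from=<" (7 chars) and the trailing "> " (2 chars).
        sender = substr($0, RSTART + 7, RLENGTH - 9)
        ip = "unknown"
        if (match($0, / from [^ ]*\[[0-9a-fA-F.:]*\]: /)) {
            ip = substr($0, RSTART, RLENGTH)
            sub(/^.*\[/, "", ip)
            sub(/\]: $/, "", ip)
        }
        printf "<tr><td class=\"rej\">REJECTED</td><td class=\"right\">%s</td><td>%s</td></tr>\n", esc(ip), esc(sender)
    }'
}

sample_log | reject_rows
```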