BTEQ-13206
Command-line flag options -do, -df, and -dr are now available for restricting the enabled BTEQ command set for blackboxed invocations.
These options provide a means for securely enabling BTEQ's use as a blackboxed tool that can be used to submit ad hoc SQL.
The changes made introduce the following:
- A -do command-line option for disabling the OS command
- A -df option for disabling commands that require file I/O -- meaning IMPORT, EXPORT, RUN, COMPILE and NOTIFY
- A -dr option for disabling commands that redirect output streams -- meaning MESSAGEOUT and ERROROUT
When BTEQ is being used in interactive mode, without stdout being redirected, BTEQ will generate a non-fatal error for attempts to use any of the disabled commands. When stdout is redirected, the error will instead be fatal and BTEQ will exit with RC=16.
For example, using Windows BTEQ for the following script named my.in:
.OS echo 'hi'
And the following BTEQ invocation:
bteq -do < my.in > my.out 2>&1
The contents of my.out will be:
BTEQ 17.00.00.03 (64-bit) Wed Jan 29 17:49:50 2020 PID: 45496
+---------+---------+---------+---------+---------+---------+---------+----
.OS echo 'hi'
*** Error: OS command use is invalid for the process. The Disable OS Command option is in effect. Terminating the application.
*** Exiting BTEQ...
*** RC (return code) = 16
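As an added example (not Teradata's code), a POSIX shell wrapper for the blackboxed invocation described above: it passes all three options, redirects stdout so that a disabled command is fatal, and records the command echoed just before the first "*** Error:" line for the audit trail. The function name run_restricted_bteq and the BTEQ_BIN variable are assumptions of this example, as is the log layout, which follows the sample output shown above.

```shell
#!/bin/sh
# Added example: wrapper for a blackboxed BTEQ run of an ad hoc script.
# run_restricted_bteq and BTEQ_BIN are names assumed for this sketch.

run_restricted_bteq() {
    script=$1   # untrusted ad hoc script
    log=$2      # receives BTEQ's stdout and stderr

    if [ ! -r "$script" ]; then
        echo "status=error reason=unreadable-script"
        return 2
    fi

    # -do/-df/-dr disable the OS, file IO and redirect commands. stdout goes
    # to a file, so a disabled command is fatal instead of a non-fatal error.
    rc=0
    "${BTEQ_BIN:-bteq}" -do -df -dr < "$script" > "$log" 2>&1 || rc=$?

    if [ "$rc" -eq 0 ]; then
        echo "status=ok rc=0"
        return 0
    fi

    # In the sample output the echoed command sits on the line just before
    # the "*** Error:" line; keep that pair for the audit record.
    offending=$(awk '/\*\*\* Error:/ { print prev; exit } { prev = $0 }' "$log")
    reason=$(awk '/\*\*\* Error:/ { sub(/^.*\*\*\* Error: */, ""); print; exit }' "$log")

    if [ "$rc" -eq 16 ] && [ -n "$reason" ]; then
        echo "status=fatal rc=16 command=[$offending] reason=[$reason]"
    else
        echo "status=failed rc=$rc"
    fi
    return "$rc"
}
```

The wrapper relies on BTEQ's own enforcement and does not try to pre-parse the script; the summary line is only a convenience for logging which command was refused.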