Kontakt

Ansicht
Dokumentation

ABENABAP_SYSTEM_COMMANDS_APPL_DEPR - ABAP SYSTEM COMMANDS APPL DEPR

ABENABAP_SYSTEM_COMMANDS_APPL_DEPR - ABAP SYSTEM COMMANDS APPL DEPR

General Material Data   General Material Data  
This documentation is copyright by SAP AG.
SAP E-Book

Unwanted Calls of Operating System Statements

In addition to calls of function modules in the SXPG framework, operating system statements for the host computer of the current can also be executed in ABAP programs as follows:

  • The addition FILTER of the statement OPEN DATASET can be used for executing operating system statements using pipes.
  • The internal statement CALL can be used to call a special system function (SYSTEM), which can be used to execute operating system statements.

Neither of these options should be used for common execution of operating system statements in ABAP programs.

  • The addition FILTER of OPEN DATASET should only be used, if at all, for operating system statements required for file handling.
  • Calls of the system function SYSTEM with the internal statement CALL should never be made in application programs and can be deactivated using the profile parameter rdisp/call_system. If called, it then raises an uncatchable exception.

Both statements cause the following problems:

  • There are no central authorization checks.
  • The platform dependency of the operating system statements must be handled in the ABAP program itself.
  • Errors and exceptions cannot be handled specifically.
  • If input from external sources is used, it must be checked thoroughly and filtered to prevent system command injections on any platform.

Therefore, the SXPG framework should be used instead of these two options.

Note

Before the statements CALL 'SYSTEM' is deactivated using the profile parameter rdisp/call_system, it must be ensured that it is no longer used in any programs. Any programs that still use CALL 'SYSTEM' must first be switched to using the SXPG frameworks before the unwanted statement can be deactivated. The options in the SXPG frameworks generally cover all requirements when calling operating system statements.

Example

Call of the operating system statement ping for the central database server of the system on the host computer of the current using the addition FILTER of the statement OPEN DATASET. The output of the operating system statement is written to the opened file and can be read from there.

Example

Call of the operating system statement ping for the central database server of the system on the host computer of the current using the addition SYSTEM. The result of the call is placed in the internal table result. This example can only be executed if the profile parameter rdisp/call_system allows the call.






SUBST_MERGE_LIST - merge external lists to one complete list with #if... logic for R3up   SUBST_MERGE_LIST - merge external lists to one complete list with #if... logic for R3up  
This documentation is copyright by SAP AG.

Length: 4494 Date: 20240425 Time: 034621     sap01-206 ( 96 ms )