Need to issue a DOS command from within a native COBOL program

In my COBOL program I would construct a DOS command like "copy EDITFILE.txt EDITFILE-Finance.txt"

Question:  how can I cause the COBOL program to actually issue that command?

  • CALL "SYSTEM" USING "CMD.EXE /C COPY /Y EDITFILE.txt EDITFILE-Finance.txt"".
    02 COPY-D PIC X (33) "EDITFILE.txt EDITFILE-Finance.txt".
    CALL "SYSTEM" USING COPY-D.
  • One little correction to ensure it is future proof..

    Remember to zero terminate the argument, either via the use of z" " or add a x"0" to the end of the pic x field.

    eg:

    CALL "SYSTEM" USING z"CMD.EXE /C COPY /Y EDITFILE.txt EDITFILE-Finance.txt".

    02 COPY-D PIC X (33) z"EDITFILE.txt EDITFILE-Finance.txt".
    CALL "SYSTEM" USING COPY-D.

  • Hello, I would like a more extensive explanation about the correction. I use this very regularly and it would be good for me to understand what you have suggested. Thank you so much.
  • Please elaborate on "returning status-code" - Why is it not used in the example? When is it necessary?
  • Please elaborate on "returning status-code" - Why is it not used in the example? When is it necessary?
  • The uppercase SYSTEM library api is a wrapper to the lowercase 'C' system api.  

    This uppercase wrapper version of the api ensure the terminal is setup before proceeding to the lowercase system api.

    The parameters to the api are passed through without being changed.   The 'C' system api takes a zero terminated string aka a "char *".

    The one exception being is you are compiling for ACU compatibility directives, an alternative SYSTEM library api is used, which does not require the parameter to be zero terminated.

    Both have the same name but expect the parameter to be different.

  • The CALL "SYSTEM" API, as Wascar and Stephen have discussed, is the recommended way to do this.

    However, please be aware that using the SYSTEM API or any other means of executing shell commands from a program is a serious security risk. Unless you are very careful to construct command lines only from untainted data, you have a potential injection vulnerabilty. It is almost always better to use specific APIs for the tasks you need to accomplish.

    In this case, MF COBOL provides a CBL_COPY_FILE API, described in the product documentation, which will copy a file without creating an injection vulnerability. (There may be other security issues, such as information disclosure, information corruption, and TOCTOU vulnerabilities, but those are more limited in scope and harder to exploit.)