Tried to execute command but not in whitelist (EXEC)?

I placed ‘Python “absolute path to python program” %s’ in exec whitelist, but it shows ‘Tried to execute “command” but not in whitelist’. I am probably making some stupid mistake, any help?

Do you check that the CMD is 1:1 the same in “the binding configuration of the Thing” and in the “single line of the /etc/openhab/misc/exec.whitelist file”?


@timl where I placed the command was in profile configuration for the item where it has the exec profile option and a box for command, will this not work?

Hmm… profile? The command in the Thing configuration and the Whitelist ( Exec - Bindings | openHAB ) have to be 1:1 the same. Otherwise the Thing could not execute the command.

I was trying to follow Exec - Transformation Services | openHAB.

So I created a new thing from the exec binding and placed the same command in the thing config and the whitelist file. What I’m trying to do is whenver the value of item changes, I would like the command to run and change the value with the script output.

This is where I placed the command:

which should work like a transformation and replace the value right? but it’s not working

What @timl is saying by 1 to 1 is the whitelist line must match character for character, including case. With this screen shot the whitelist entry must be exactly

Python C:\openHAB\conf\scripts\ %s

The whole command needs to be there, including the %s.

You might need to double escape those back slashes if that doesn’t work. I’ve never see people use the Exec transformation on Windows, and it’s rarely used at all by others. There is very little reason to do so and it’s really heavy weight.

@rlkoshak The reason im relying on exec is because…I need some sort of a transformation that decrypts the mqtt message. The crypto/decrypting npm modules weren’t working using javascript, so I thought maybe I could have an external program doing the decryption using whatever libraries needed and I would simply replace the value with the output. Is there a better way to do this?

Can you use the Java to decrypt it? All of base Java is available to the JS Transformation.

By “not working with javascript” I assume you installed and were trying to use it with the JS Scripting add-on and implement this in a rule not a transformation. As of right now, only Nashorn ECMAScript 5.1 is available in the JS Transformation (all supported rules languages will become available as a transformation sometime soon I hope, most of the work is done and it needs to be merged) and obviously node libraries won’t work there.

And don’t get me wrong. I’m not saying you shouldn’t use the Exec transformation for this. I’m just explaining why you’re not getting a lot of direct help. It’s a rarely used feature few have any experience with.

Definitely can, I will try using Java and see if it works!

I tried both transformation and scripting but didn’t work, most probably because of the node libraries

Yeah I’m seeing this now, not a lot of discussions on previous posts either.

Can I just normally write in java and use java libraries in js transformation? When choosing the file for js transformation, I would use a file right?

Note, to use a Java class in the JS transformation you’ll need to “type” it.

var Cipher = Java.type("javax.crypto.Cipher");

Again, there are two JavaScript languages supported by openHAB.

  1. Nashorn: comes with OH by default, the only language supported in the JS Transformation, ECMAScript 5.1 not compatible with node libraries.

  2. JS Scripting: needs to be installed (Automation add-on), ECMAScript 2021, can only be used in rules, compatible with many but maybe not all node libraries.

Which one did you use and how? A crypto node library should work with a JS Scripting rule. There can be a lot of reasons why it wouldn’t but most of the things that cause trouble have to do with threading which I wouldn’t expect to happen in a crypto library.

No, but there is an automation add-on that lets you write your Rules in normally written Java. JRule - OpenHAB Rules using Java

Both Nashorn JavaScript and JS Scripting (which runs on GraalVM) are JS engines running on the JVM. Consequently in addition to implementing core ECMAScript 5.1 and ECMAScript 2021 language features, also have access to all of Java and much of the core openHAB Java classes too. So you can import and use Java Classes in your JavaScript (see the Java.type from above).

I knew nashorn didn’t support node libraries, so I used the newer version with a rule, and for the script I chose ECMAScript 2021 and inside it I used node-forge and crypto but it gave me errors (something related to window I think? sorry i forgot the exact message), although it worked with other node libraries.

I will try using Java.type, thanks!

@rlkoshak this was the error I got, when I tried using certain node libraries (node forge and crypto) in js scripting (ECMAScript 2021)

[internal.handler.ScriptActionHandler] - Script execution of rule with UID 'decrypt' failed: org.graalvm.polyglot.PolyglotException: ReferenceError: "window" is not defined

Do you think this is a compatibility issue or something else? Thanks

That error means that the decrypt function is trying to use something called window but window doesn’t exist. So all I can surmise is either npm didn’t install all the libraries the decrypt library depends on for some reason or you might not be using decrypt correctly or something. I don’t think it’s a compatibility issue.

@rlkoshak hmm when I run it on vscode it decrypts and displays the plaintext completely fine though, so I think the implementation of the library is correct. As far as installing npm modules for openhab what i did was change directory to automation/js in cmd and ran
npm install node-forge
…that should do the job right? When I looked up the window error I found that it might be a thing only for browsers and isn’t for node.js?

Also I think that decrypt might be referring to the rule…which is named decrypt.

I am using this to try to update the value, could this cause the issue?


here decrypted is just an empty/placeholder item which is supposed to hold the decrypted value. The rule is triggered when another item is updated.

That line would only cause problems if the resul;t of decrypt.output.toString() is something that sendCommand can’t handle. But that would generate a different error. If your rule doesn’t define or import something named “window”, the error is coming from inside the library. To learn anything more I suspect the source of that library would need to be looked at. Ultimately, the error is telling us window isn’t defined. Nothing more.

It wouldn’t make sense to have a node module that only works in a browser so I don’t think that’s it.

i think window is a browser feature which is probably used somewhere in this library, and in the other crypto library as well, but it’s not working with openhab, which is why I assumed it doesn’t support all node libraries. But the message is perfectly decrypted running in vscode though so I am pretty confident everything works as it should.

That’s why I keep trying to use exec :frowning:
So I tried calling this node js script (that uses node forge, which didnt work with openhab) from command in exec transformation, but where do I need to add the command? I added it in the whitelist file, and in item profile I chose exec and in the command box I pasted the command. Are there any other places? Exec transformation still isnt working

Node.js is a server. It runs JavaScript on the server, not in the browser. It would be odd for a node module installable by npm for use in Node.js to require a browser, especially one as generic as a crypto library. That’s why I doubt that’s the problem.

The fact it it runs in VSCode doesn’t really tell us too much beyond the fact that the node modules are installed in a location and a way that VSCode can see. For openHAB, all the modules, including all the modules that an installed module depends upon should be represented by a separate folder under automation/js/node_modules. If you don’t see a bunch of folders there that could be the problem. openHAB does not support globally installed modules (i.e. don’t install using npm install -g). VSCode does support globally installed modules.

But that’s neither here nor there.

For MQTT in the transformation property you’d put something like

EXEC:/full/path/to/script %s

If called from a Rules DSL Rule it would be something like

transform("EXEC", "/full/path/to/script %s", str)

The whitelist need to have “/full/path/to/script %s”, letter for letter match to the command.

I’m not sure how it looks for a Profile but I wouldn’t use a Profile here as it’s not needed.

Always watch the logs.

So in the UI in channel configuration

for incoming value transformation I have this:

node "C:\Users\username\OneDrive\Desktop\decrypt.js" %s

and I have the exact same thing in whitelist, copy pasted. But I get this error again:

Tried to execute 'node "C:\Users\username\OneDrive\Desktop\decrypt.js" %s', but it is not contained in whitelist.

Any ideas?

Well, as I mentioned on the other thread or maybe it was here (that’s why we prefer to only open one topic on a given issue) because you are on Windows you may need to escape the backslashes. Or you can try to use forward slashes which Java knows how to interpret even for Windows paths.




i just restarted and now it’s giving this:

Failed to execute commandLine '[node, "C:\Users\username\OneDrive\Desktop\decrypt.js", hello]'

Could it be the same reason? (hello is sent to mqtt so I guess %s worked)