ansaurus

Question

How to prevent code/option injection in a bash script

Answer 1

+2 A:

grep -w -- ...

prevents that interpretation in what follows --

EDIT

(I did not read the last part sorry). Yes, it is the only way. The other way is to avoid it as first part of the search; e.g. ".{0}-x" works too but it is odd., so e.g.

grep -w ".{0}$1" ...

should work too.

ShinTakezou 2010-06-10 08:48:42

__important note__ the {} works with extended regex, so add the -E option; (sorry, I've aliased grep to grep -E so didn't noticed at the beginning)

ShinTakezou 2010-06-10 09:04:47

You can do this in a basic regex (at least in the implementation of grep I tested with) by escaping the braces: `grep -w ".\{0\}$1" ...`

Gordon Davisson 2010-06-11 02:44:41

to ShinTakezou: Do you have another reference where the `--`-option is described? Or do you know the technical term for describing what `--` does, so one can search for it?

asmaier 2010-06-11 08:02:10

normally is a common practice on *nix/*nix-like systems, and I think it is common since is the way to tell getopt() to stop parsing for options (getopt() is a posix func that can be used to parse arguments): conventional, as usual: see http://linux.die.net/man/3/getopt and search for the sentence «The special argument "--" forces an end of option-scanning regardless of the scanning mode.»

ShinTakezou 2010-06-11 10:04:46

@Gordon Davisson : thanks! but I find excaping of {} () + etc. ugly and prefer -E and consider them special and to have to escape if I do want them not special

ShinTakezou 2010-06-11 10:07:36

@ShinTakezou : Thank you for the reference!

asmaier 2010-06-11 13:05:25

Answer 2

A:

Though not applicable in this particular case, another technique can be used to prevent filenames that start with hyphens from being interpreted as options:

rm ./-x

or

rm /path/to/-x

Dennis Williamson 2010-06-10 12:53:25

Gordon Davisson 2010-06-11 02:49:28

@Gordon: Bash: `[[ $FILE == -* ]] ...`

Dennis Williamson 2010-06-11 06:33:26

Answer 3

+1 A:

There's actually another code injection (or whatever you want to call it) bug in this script: it simply hands the output of grep to the [ (aka test) command, and assumes that'll return true if it's not empty. But if the output is more than one "word" long, [ will treat it as an expression and try to evaluate it. For example, suppose the file contains the line 0 -eq 2 and you search for "0" -- [ will decide that 0 is not equal to 2, and the script will print false despite the fact that it found a match.

The best way to fix this is to use Ignacio Vazquez-Abrams' suggestion (as clarified by Dennis Williamson) -- this completely avoids the parsing problem, and is also faster (since -q makes grep stop searching at the first match). If that option weren't available, another method would be to protect the output with double-quotes: if [ "$(grep -w -- "$1" "$FILE")" ]; then (note that I also used $() instead of backquotes 'cause I find them much easier to read, and quotes around $FILE just in case it contains anything funny, like whitespace).

Gordon Davisson 2010-06-11 03:07:25

ansaurus

tags:

views:

answers:

How to prevent code/option injection in a bash script

related questions