GAH! Bash script insanity

Chris Devers cdevers at pobox.com
Wed Jan 28 21:31:39 EST 2004 

On Wed, 28 Jan 2004, Joshua Pollak wrote:

> So the advice I got from the list re: my awk problem was great, and I'm 
> trying to implement it. Here is what I want to run:
> 
> sed -e s/#.*// ${CONFIG_FILE} | awk -F"=" '/${PARAMETER}/ { print $2 }'
> 
> The insanity comes from finding the right combination of "s, 's, and `s 
> so that $CONFIG_FILE and $PARAMETER are interpreted by the bash script 
> interpreter, while $2 is NOT, and is passed to awk

So use the variant I suggested earlier, and take awk out of the picture:

    $ sed  's/#.*//' ${CONFIG_FILE} | \
      grep "${PARAMETER}"          | \
      sed  's/^[^=]*=\(.*\)/\1/'

This strips out the comments from the file, then greps for your parameter,
then captures & saves everything after the '=' on matching lines. And it
doesn't have the multiple levels of variables, which should lead to at
least slightly weaker headaches :)


> I guess I want something like:
> 
> RESULT=`sed -e s/#.*// ${CONFIG_FILE}` | `awk -F"=" '/${PARAMETER}/ { 
> print $2 }' `

Are you sure? 

What if ${PARAMETER}="CMD" (for example), and the file has

    CMD=rm -rf /

? 

Do you trust the users not to put anything sloppy in the config file? If
so, then wrapping your pattern in backticks is okay, but if there's any
chance that something nasty could be in there -- and as a hunch, there's
*always* going to be some chance of that -- then executing that string
blindly may not be the wisest of possible ideas.

If you were doing this in Perl, taint mode would try to protect you from
some conditions like this. Warnings wouldn't hurt either. If you're trying
to get the same protection in Bash, I'm not sure how to go about it. 



My apologies if I'm being dense, but what exactly is the objective here?
What would a few sample lines from this config file look like, what data
exactly are you trying to extract from that file, and what are you trying
to do with the data you obtain? This would make a little more sense to me
if the fuller context was available...



-- 
Chris Devers

More information about the Discuss mailing list