help-bash

Re: Detecting an opening { and a closing } in a variable


From: goncholden
Subject: Re: Detecting an opening { and a closing } in a variable
Date: Mon, 30 May 2022 18:42:37 +0000

------- Original Message -------
On Tuesday, May 31st, 2022 at 6:16 AM, Greg Wooledge <greg@wooledge.org> wrote:


> On Mon, May 30, 2022 at 05:00:07PM +0000, goncholden via wrote:
>
> > How can I detect an opening { and a closing } in variables such as
> >
> > "\*.{cp,cpp,f90,f95,f03,f08}"
>
>
> Literal answer:
>
> if [[ $var = *{*}* ]]; then
> echo "this variable has a { and a } and they're in the right order"
> fi
>
> Real answer:
>
> What are you trying to do?
>
> It looks like you're trying to prompt a user for terminal input which
> will be treated as a glob, but is also allowed to be a brace expansion
> which generates a list of globs.
>
> What you intend to do with these globs is unclear, but I'm betting it
> will involve an unquoted variable expansion leading to a cascade of
> pathname expansions.
>
> So, it sounds like you want to parse the brace expansion and create
> a list of globs just as the shell does.
>
> The naive answer to that is "let the shell do it". You have eval. This
> is what it's for.
>
> This becomes especially true if you want to allow nested brace expansions.
> Which I'm sure you do, because
>
> 21. If^H^HWhen the newbie's question is ambiguous, the proper
> interpretation will be whichever one makes the problem the hardest
> to solve.
>
> If you want to be fancy, you could try to prevent the end user's input
> from causing code injections when you eval it. This could end up anywhere
> from tricky to nightmare.
>
> So, you need to step back a bit and look at the whole picture. Is this
> program running in a security context in which code injections matter?
> Or is it something like a dumb function that the user is invoking for
> their own personal use, in their own interactive shell?
>
> If it's the latter, then don't break your neck doing backflips trying to
> secure eval against all possible code injections. Tell the user (yourself)
> not to do dumb-ass things.

I do not know the details on code injection. I am using a function that searches
for a phrase using grep.

  local progl=( "\*.{rc,.el,c,f}" )
  local pextd=( "${progl[@]}" "\*.{cp,cpp,f90,f95,f03,f08}" )

  local inclsf=()
  for el in "${incl[@]}" ; do
    case $el in
     "progl") inclsf+=( "${progl[@]}" ) ;;
     "pextd") inclsf+=( "${pextd[@]}" ) ;;
     "typog") inclsf+=( "${typog[@]}" ) ;;
     *) inclsf+=( "$el" ) ;;
    esac
  done

  if (( ${#incl[@]} > 0 )); then

    # Split INCL by field separator FS
    for ext in "${inclsf[@]}"; do
      [[ "$ext" =~ "{*}" ]] && echo "Detected {}"
      s="$ext"
      [[ (! -z "$fs") && ("$ext" == *"$fs"*) ]] && s=${ext//"$fs"/" "}
      for fltyp in $s; do
        isufx+=( --include="$fltyp" )
      done
    done

  fi

  grep --null -r -l "${isufx[@]}" -e "$phrs" -- "${fdir[@]}"
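
Added example (not part of the original message or of either poster's code): one way to let the shell do the brace expansion through eval, as the quoted reply suggests, while refusing input that could inject code. The function name expand_include_globs, the GLOBS array and the sample inputs are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: expand a user-supplied brace pattern with eval, but only
# after an allowlist check. Function and variable names are hypothetical.

# expand_include_globs PATTERN
# On success, sets the global array GLOBS to the brace-expanded globs.
# Returns 1 (GLOBS empty) if PATTERN contains anything outside the allowlist.
expand_include_globs() {
  local pat=$1 restore_noglob=0
  local LC_ALL=C            # make A-Z, a-z, 0-9 mean ASCII ranges only
  GLOBS=()

  # Allow only glob/brace characters and plain file-name characters.
  # No whitespace, quotes, $, backtick, ;, |, &, <, >, (, ), \, !, ~, [ or =,
  # so the text can never become more than one literal word for eval.
  case $pat in
    '' | *[!A-Za-z0-9._*?{},-]*) return 1 ;;
    *..*) return 1 ;;       # refuse {1..999999999}-style sequence expansion
  esac

  # Keep the shell from matching the globs against the current directory;
  # grep --include must receive the patterns themselves.
  if [[ $- != *f* ]]; then set -f; restore_noglob=1; fi
  eval "GLOBS=( $pat )"
  if (( restore_noglob )); then set +f; fi
  return 0
}

# Constructed sample inputs: two benign patterns and one injection attempt.
for input in '*.{cp,cpp,f90,f95,f03,f08}' '*.{c,f{90,95}}' '*.{c,$(id)}'; do
  if expand_include_globs "$input"; then
    printf 'ok      %s ->' "$input"
    printf ' --include=%s' "${GLOBS[@]}"
    printf '\n'
  else
    printf 'refused %s\n' "$input"
  fi
done
```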





