Re: [Help-bash] Sourcing only valid variables from a script configuration file

[Steven W. Orr]

On 7/2/2012 4:15 AM, Jesse Molina wrote:
> Hello everyone
>
> I am trying to do something that bash doesn't seem to be very good at. I'll
> admit right now that the best advice for myself would be to re-write my script
> in python or perl. However, I really wanted to do this in bash for educational
> purposes. Thus, I have created a monster.
>
> I have a script which reads a configuration file, which is simply made up of
> comments and variable assignments.
>
> 'source' is the obvious correct command to bring this configuration file into
> the script. However, I want input validation and other protections against
> commands and other non-expected data from being in the configuration file.
>
> In this configuration file, the variables are known and expected. If an
> expected variable is missing or invalid, we exit with an error. If addition
> non-variable or comment data is in the configuration file, we should also exit
> with an error.
>
> I will probably end up writing a function to validate the stat() on the file,
> grep for anything invalid, make sure there are no command substitution or
> similar nonsense within the valid variables, and the like.
>
> Does anyone have any helpful advice for me on this subject beyond what I
> already know here?
>
>
>
> FYI I spent an hour or two googling around and came up with the following
> articles. Mostly, it was confirmed that there isn't a built-in to make this
> easy, which disappointed me:
>
> http://lcorg.blogspot.com/2010/06/using-configuration-files-with-shell.html
>
> http://stackoverflow.com/questions/4434797/read-a-config-file-in-bash-without-using-source
>
>
> http://wiki.bash-hackers.org/howto/conffile
>
> https://bbs.archlinux.org/viewtopic.php?id=39451
>
> http://stackoverflow.com/questions/5983558/reading-a-config-file-from-a-shell-script

This question intrigues me. In python, a call to execfile will solve your 
problem. The trick is to use the 3-arg form to insulate your variables. e.g.,

dd = {}
execfile('params', globals(), dd)

A possible constraint is that the contents of params has to be pretty language 
agnostic. The best way to do that is to define that there may not be white 
space around the assignment.

So, here's a possible params file:

A1='Hello'
A2='How are you'
A3=44
A4='rm -rf /'

To read that in in bash, all you have to do is to say

. ./params

The ./ might be needed because . uses $PATH.

Now it gets interesting. You could run *anything* in that file, and in the 
right circumstances, you might have to protect yourself from such nefarious 
attacks.

In that case, in bash, you'd have to use a while read loop. Maybe, something 
like this:

typeset a_line
typeset -r re='(A[1-4])=(.+)'
while read a_line
do
    if [[ ${a_line} =~ $re ]]
    then
        case "${BASH_REMATCH[1]}" in
        A1)
            check_A1_vals "${BASH_REMATCH[2]}" && \
                A1="${BASH_REMATCH[1]}"
            ;;
        A2)
            check_A2_vals "${BASH_REMATCH[2]}" && \
                A2="${BASH_REMATCH[1]}"
            ;;
        A3)
            check_A3_vals "${BASH_REMATCH[2]}" && \
                A3="${BASH_REMATCH[1]}"
            ;;
        A4)
            check_A4_vals "${BASH_REMATCH[2]}" && \
                A4="${BASH_REMATCH[1]}"
            ;;
        esac
    fi
done < params
if [[ -z "$A1" || -z "$A2" || -z "$A3" || -z "$A4" ]]
then
    err 'Not all expected params received.'
fi

Because of the temp dict in python, there's no need to protect yourself. It's 
automatic.

--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net