help-bash

Re: [Help-bash] safe parsing of configuration files?


From: John Kearney
Subject: Re: [Help-bash] safe parsing of configuration files?
Date: Sun, 5 May 2013 10:05:30 +0200


you could do something like


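  # Succeed only if $1 is a valid shell identifier.
  ks_val_ChkName() {
    case "${1:?Missing Variable Name}" in
      [!a-zA-Z_]* | *[!a-zA-Z_0-9]* | '' ) return 3;;
    esac
  }
  # Assign $2 to the variable named by $1; only the checked name reaches eval.
  ks_val_Set() {
    ks_val_ChkName "${1}" || return $?
    eval "${1}"'="${2}"'
  }
  # Read NAME=VALUE records from stdin and set each NAME.
  ks_cgf_Src() {
    local IFS=$'\n'
    local LC_COLLATE=C
    local cline_tmp
    local vval_tmp
    # Records on stdin are NUL-terminated (read -d ''), so a record may
    # contain newlines; -r keeps backslashes in the data as they are.
    while read -r -d '' cline_tmp ; do
      case "${cline_tmp}" in
        \#* | '') continue;;  # skip empty lines and commented lines
        [a-zA-Z_]*=*)     # *[![:space:]]*) # non empty lines
          vval_tmp="${cline_tmp#*=}"
          # strip one leading and one trailing quote character
          vval_tmp=${vval_tmp#[\"\']}
          vval_tmp=${vval_tmp%[\"\']}
          ks_val_Set "${cline_tmp%%=*}" "${vval_tmp}" || echo "error '${cline_tmp}'"
          ;;
        *) echo "skipping '${cline_tmp}'"
          continue;;
      esac
    done
  }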



On Sun, May 5, 2013 at 12:18 AM, Jesse Molina <address@hidden> wrote:

Hi

I have brought this issue up previously.  See here:
http://lists.gnu.org/archive/html/help-bash/2012-07/msg00001.html



My opinion is that the "source" builtin needs an option specifically for this.

I do not think this can be safely done in bash itself.




adrelanos wrote:
Hi!

Is there a bulletproof way to parse configuration files using bash?

Layout:

(spaces)

    # comments...
    var1="something"

    # more comments...

    var2="something else"

    var3="Some

plain text

also includes spaces and empty lines
..."

(spaces)

How can I read an untrusted config file while preventing all kinds of
code execution from it?

Most competent on that question appeared:
http://wiki.bash-hackers.org/howto/conffile

"This filter only allows NAME=VALUE and comments in the file, though it
doesn't prevent all methods of executing code. I will address that
later." - This later never happened or I failed to find it.

Cheers,
adrelanos


--
# Jesse Molina
# Mail = address@hidden
# Cell = 1-602-323-7608




