禁止在 Bash 脚本输入中使用标志?
我目前正在制作一个bash脚本来获取用户的输入,并通过 grep 。 我没有太多,但是此脚本的要求也不需要太多。该脚本的一个要求是安全地创建脚本(通过安全脚本)。
我遇到的问题是,标志可以传递到GREP中,这导致了普通用户不想要的事情。运行- 我的输入中的帮助例如, grep -help 。这是我到目前为止所拥有的:
#!/bin/bash
read -r -p "Input string: " input
[ -z "$input" ] || grep "$input" ../dict.txt
要注意的一件事是,我试图在确保其安全的同时保持最小的代码(在此确保其安全是主要的优先级)。
I am currently making a Bash Script to take the users' input and pass it through Grep.
I don't have much, but the requirements for this script do not require for much either. One requirement for the script is to create the script securely (via secure scripting).
The problem I am running into is that flags can be passed into Grep which lead to things an average user does not want. Running --help in my input brings up the same as grep --help, for example. Here is what I have so far:
#!/bin/bash
read -r -p "Input string: " input
[ -z "$input" ] || grep "$input" ../dict.txt
One thing to note is that I am trying to keep my code as minimal as possible while keeping it secure (where keeping it secure is the main priority).
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
可以在此处完成简单修复:
这里的双重破折号充当一个没有值的标志,这对于试图仅用于预期用途的任何人都有用。我将全部归功于 @ fravadona 。
Easy fix can be done here:
The double dash here acts as a flag without a value here which is useful for anyone trying to use the script for intended uses only. I give all credit to @Fravadona.