added 34 characters in body
x-yuri

Suppose you want your script to take variables from the environment:

#!/usr/bin/env bash
set -eu

if (( ${A-} )); then
    echo true
else
    echo false
fi

Arithmetic expansion seems to be more reasonable here to handle the (empty), 0, and 1 cases, or else:

if [ "${A-}" ] && [ "${A-}" != 0 ]; then

But then,

$ A='1 - 1' ./1.sh
false
$ A='B = 1' ./1.sh
true

So now you can basically change variables, which you generally don't want to allow. What would you suggest? How to process boolean flags taken from environment variables?
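
One way to read such a flag without ever handing the value to the arithmetic evaluator, shown as an added example that is not part of the original post: the value is matched as a string against a fixed allowlist, so `1 - 1` and `B = 1` are rejected instead of evaluated. The function names `parse_bool` and `flag_state` and the accepted spellings are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. parse_bool, flag_state and the
# accepted spellings are assumptions made for illustration.
set -eu

# parse_bool VALUE
# Exit status: 0 = true, 1 = false (empty counts as false), 2 = not a boolean.
# VALUE is only compared as a string. It is never passed to (( )), $(( )),
# let or [[ -eq ]], which would evaluate it as an arithmetic expression.
parse_bool() {
    case "$1" in
        1|true|yes|on)     return 0 ;;
        ''|0|false|no|off) return 1 ;;
        *)                 return 2 ;;
    esac
}

# flag_state VALUE
# Prints true, false or rejected. The "|| rc=$?" keeps set -e from aborting
# on the non-zero statuses that parse_bool uses to report false/invalid.
flag_state() {
    rc=0
    parse_bool "$1" || rc=$?
    case "$rc" in
        0) echo true ;;
        1) echo false ;;
        *) echo rejected ;;
    esac
}

# Constructed sample values, including the two expressions from the post.
B=0
for v in '' 0 1 true off '1 - 1' 'B = 1'; do
    printf '%-9s -> %s\n' "'$v'" "$(flag_state "$v")"
done
echo "B is still $B"

# In the script from the post, the test would become:
#   case "$(flag_state "${A-}")" in
#       true)  echo true ;;
#       false) echo false ;;
#       *)     echo "A must be 0 or 1" >&2; exit 2 ;;
#   esac
```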

x-yuri

bash arithmetic expansion seems to be prone to injection attacks

Suppose you want your script to take variables from the environment:

#!/usr/bin/env bash
set -eu

if (( ${A-} )); then
    echo true
else
    echo false
fi

Arithmetic expansion seems to be more reasonable here to handle the (empty), 0, and 1 cases, or else:

if [ "${A-}" ] && [ "${A-}" != 0 ]; then

But then,

$ A='1 - 1' ./1.sh
false

So now you can basically change variables, which you generally don't want to allow. What would you suggest? How to process boolean flags taken from environment variables?