If I wanted to do this in a more programmatic way, on a file which isn't too big, I'd probably do the following, which checks each character as it's read. It's slow, but it works. Otherwise, I'd do this with grep(1), PERL, or AWK.
Code: Select all
Data=`< ~/.bashrc`
for (( Offset = 0; Offset <= ${#Data}; Offset++ )); {
Char=${Data:Offset:1}
case $Char in
[[:print:][:space:]]|'')
;;
*)
printf "Err: Character '%s' found.\n" "$Char" 1>&2
exit 1 ;;
esac
}
1000 wrote: ⤴Mon Dec 06, 2021 10:56 am
It is possible that the non-malicious file will be executed partially by "cat".
This is most often seen when the system or terminal is unstable or freezing.
I'm not sure how that would happen, as cat(1) should just read the data from the file, then display it onto the terminal. I mean, I suppose if cat(1) has some sort of vulnerability the code in a file could abuse, but I'd say that's something different.
What you're referring to there, sounds more like when data is interpreted as escape sequences, which is more of a benign inconvenience than something unsafe, as I understand and have experienced it. Running the `reset` almost always fixes the terminal.
That being said, it is possible to be a bit of a nuisance, and
potentially do some
somewhat unpleasant things with escape sequences, but I've never been all that concerned about that. I think that was more of an issue years ago, as software tends to prohibit the more alarming things by default.
If you're concerned, you could potentially minimize risk by reading from the file in a few other ways, using just the shell itself, such as:
Code: Select all
# Store the data into a simple variable, then display it.
Data=`< FILE`
printf '%s\n' "$Data"
# Use an array with `readarray` or `mapfile`, then dump the elements.
readarray Data < FILE
printf '%s' "${Data[@]}"
# Print the lines one at a time with a `while read` loop.
while read; do
printf '%s\n' "$REPLY"
done < FILE
By default, `read` won't properly use an escape sequence, which you can see by doing:
Code: Select all
read <<< "this \e[91mis\e[0m a test."
printf '%b\n' "$REPLY"
Yet, if you use the `-r` flag with the `read` builtin, the escape sequence is allowed to come to life. In this case, using the `%b` format specification with the `printf` builtin interprets the escape sequences, as demonstrated with the below commands.
Code: Select all
read -r <<< "this \e[91mis\e[0m a test."
printf '%b\n' "$REPLY"
The `help` for the `read` builtin shows this:
Code: Select all
-r do not allow backslashes to escape any characters
Which I've always found grossly unhelpful and misleading, because it actually
does allow escape sequences/characters to be interpreted by something like `echo` or `printf`. If you use `read` without `-r`, you will literally see the sequence
without the backslash ('\'). If anyone knows why they said it like that, please let me know, because it's baffled me for 7 years. Lol