{{Header}}
{{title|title=
Shell Scripting
}}
{{#seo:
|description=How to detect if a Command contains Shell Scripting
}}
{{unicode_mininav}}
{{intro|
How to detect if a Command contains Shell Scripting
}}
= Introduction =
Warning: Copying and pasting commands from the Internet and executing them can lead to system compromise. This risk is higher when commands contain shell scripting and when the copied text contains hidden characters such as malicious Unicode.
See also:
* [[Shell|Hidden Text Attacks]]
* [[Unicode|Invisible Malicious Unicode Risks]]
= How to detect if a Command contains Shell Scripting =
Non-exhaustive list if common sh / bash scripting features.
* Any command that includes shell scripting such as
** Pipes: |; |&;
** Command chaining / separators: &&; ||; ;; a newline between commands;
** Background execution: &;
** Redirection (input/output): <; >; >>; <<; <>;
** Redirection (file descriptors): 0<; 1>; 2>; 2>>; &>; 2>&1; 1>&2; <&; >&;
** Here-doc and here-string: <<EOF; <<-EOF; <<<;
** Subshell / grouping: ( ); { };
** Process substitution: <(; >(;
** Command substitution: $(...); `...`;
** Variable expansion: $NAME; ${NAME};
** Parameter expansion operators: ${NAME:-...}; ${NAME:=...}; ${NAME:+...}; ${NAME:?...}; ${NAME#...}; ${NAME##...}; ${NAME%...}; ${NAME%%...};
** Arithmetic: $((...)); ((...)); let;
** Test / conditions: [ ]; [[ ]]; test;
** Conditional keywords: if; then; elif; else; fi;
** Case statements: case; in; esac;
** Loops: for; select; while; until; do; done;
** Functions: function; name() { ...; };
** Common shell builtins that execute or control execution: eval; exec; source; .; trap;
** Environment / variable control: NAME=value (variable assignment); export; unset; readonly; local; declare; typeset;
** Flow control: break; continue; return; exit; shift; getopts;
** Globbing and expansions: *; ?; [...]; {a,b}; ~;
{{Footer}}
[[Category:Documentation]]