What would be amazing is a tool that analyses the script first, figures out folders and files (and networking) it influences and allows to sandbox it accordingly.
This script wants to modify:
- /usr/local/program/*
- /etc/program/*
- $HOME/.program
Do you want to execute this? [Yes/No]
..because you know, what happens when you execute a script that does rm -rf /usr in the 100th step?
I’ll nitpick. I think
> # Ask for only a single character of input, so the user does not need to type an extra enter
plus
> echo "Please answer by typing n (for no), y (for yes), or Enter (also for yes)"
seem like it will lead to “y[enter]” so you accidentally accept a second line before you read it.
This is exactly what deno is useful for. Write your script in typescript and then run it with deno --prompt.
I made a little demonstration script.
deno run --prompt https://crux.land/4Lc2E2
It’s probably possible to craft a script that looks innocuous line-by-line, but does something malicious as a whole.
Possibly relevant, the bash restricted shell (bash -r):
https://www.gnu.org/software/bash/manual/html_node/The-Restr...
You can also do this with bashdb which is possibly also a more robust solution.
It would be interesting to have a shell that allowed transactions like a database and could list what files have been affected while in the transaction.
accept_whatsapp_terms_and_conditions="true"
Run command? [Y/n]Can I use it to run itself?
> Useful for running unknown scripts
Or just, you know, read them before you run them.
If you are considering using this tool, then I would suggest that you seriously reevaluate your life choices. You should never run shell scripts without reading them first, ever. That is so irresponsible. Validating shell scripts will make you a more competent and informed worker. Tools like this breed incompetence, and encourage carelessness.
You can fool it with ^H (Insert with ^V^H in vim)
Gives: