我正在处理具有eval的现有shell脚本代码。我觉得eval在这里是不必要的,并希望删除避免注入。
请您检查代码并告知代码中为什么有eval。
FILE_PATH=`echo $1 | awk '{ print $10 }' | cut -f2 -d'"'
FILE_PATH=`(eval "echo ${FILE_PATH}")`
答案 0 :(得分:0)
如果$ 1与---"~/tttttttt.txt类似。
FILE_PATH将为~/tttttttt.txt而没有eval。
但是有eval;
FILE_PATH will be /home/user/tttttttt.txt
#!/bin/bash
path='-----"~/tttttttt.txt'
FILE_PATH=`echo $path | awk '{ print $1 }' | cut -f2 -d'"'`
echo "${FILE_PATH}"
ls -lart ${FILE_PATH}
FILE_PATH=`(eval "echo ${FILE_PATH}")`
echo $FILE_PATH
ls -lart ${FILE_PATH}
如果在脚本上方运行,则输出:
~/tttttttt.txt
ls: cannot access ~/tttttttt.txt: No such file or directory
/home/user/tttttttt.txt
-rw-rw-r-- 1 user user 0 Aug 26 15:54 /home/user/tttttttt.txt