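I am trying to check all files with a specific extension in the current folder, to see whether the lines holding key=value pairs whose key is username, password or key have a value of the form ENC(...).
If any username, password or key is not paired with an ENC(...) value, I need to detect that and fail with an error.
So far I have written code that searches for ENC(...), but that is all; it does not also look for username, password or key.
Current code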
#!/bin/bash
pattern='username password key'
find='ENC('
FILE=test.properties #need to search for *.properties on that folder
if test -f "$FILE"; then
    echo "$FILE exists."
    #need to check on the line that has a word in pattern if has the value of $find
    # for example on the *.properties on line starting with username if it has the value of $find
    while read -r line
    do
        case $line in
            *${find}*)
                echo $line " encrypted"
                ;;
        esac
    done < $FILE
else
    echo "$FILE does not exist."
fi
Test case
When run, the following creates a directory in which the script should emit the output shown below:
#!/bin/sh
testdir="$(mktemp -d "testdir.XXXXXX")" || exit
cd "$testdir" || exit
cat >a-good.properties <<EOF
# comments do not have any effect, neither do other keys
otherkey=also_ignored
# but other keys _can_ have encrypted values, it just doesn't matter
yet_another_key_but_encrypted=ENC(fffggghhh)
username=ENC(aaabbbccc)
password=ENC(bbbcccddd)
key=ENC(dddeeefff)
EOF
# a log with no key, value or password doesn't matter
cat >b-irrelevant.properties <<EOF
other_key=other_value
EOF
cat >c-bad.properties <<EOF
# this log has unencrypted data, we should fail when it exists
username=someone
password=ThisIsASecretDontTellAnyone
key=ThisIsAnotherSecret
EOF
echo "Test-suite files created in directory $testdir" >&2
Expected output
a-good.properties exists.
username=ENC(aaabbbccc) is encrypted
password=ENC(bbbcccddd) is encrypted
key=ENC(dddeeefff) is encrypted
b-irrelevant.properties exists.
c-bad.properties exists.
ERROR: username should be encrypted but is not.
ERROR: password should be encrypted but is not.
ERROR: key should be encrypted but is not.
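...and the exit status should be an error.
A uj5u.com user replied:
Switching from glob-style expressions (as used with case) to ERE-syntax regular expressions will make your task easier.
Given the description of the problem you're trying to solve from the comments, implementing it in native bash (as opposed to using a tool like grep) might look like: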
#!/usr/bin/env bash
case $BASH_VERSION in '') echo "ERROR: must be run with bash" >&2; exit 1;; esac

faults_found=0
encryption_required_re='^[[:space:]]*(username|password|key)=(.*)$'
encryption_present_re='ENC[(][^)]+[)]'

for file in *.properties; do
  if [[ -f $file ]]; then
    echo "$file exists" >&2
  else
    continue # no properties files found so the glob didn't expand
  fi
  while IFS= read -r line; do
    # ignore lines that do not match encryption_required_re
    [[ $line =~ $encryption_required_re ]] || continue
    key=${BASH_REMATCH[1]}; value=${BASH_REMATCH[2]}
    # ignore lines where value matches encryption_present_re
    [[ $value =~ $encryption_present_re ]] && {
      printf '%s\n' "$key=$value encrypted" >&2
      continue
    }
    # flag so the script fails on exit, and print an alert to stderr
    (( ++faults_found ))
    printf '%s\n' "ERROR: $file: $key should be encrypted but is not" >&2
  done <"$file"
done

# exit with status 1 if faults_found is nonzero
exit $(( faults_found ? 1 : 0 ))
See a repl running this code (modified only for ease of testing) at https://replit.com/@CharlesDuffy2/NavyThirdVerification#example.bash
Otherwise, a quick-and-dirty approach with grep might look like:
#!/bin/sh
if grep -Ee '^(username|password|key)=' *.properties \
   | grep -Ev '=ENC[(].*[)]'; then
  echo "ERROR: Found unencrypted secrets" >&2
  exit 1
else
  echo "No unencrypted secrets found" >&2
  exit 0
fi
...note that this one writes those unencrypted secrets to your terminal, which may be undesired behavior.
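A variant of the same check, added here as an example and not part of the original question or answer. It goes beyond the cases on the page: it assumes Java-style .properties syntax (so `:` and whitespace separators are accepted as well as `=`), requires the whole value to be ENC(...), and reports file and line number without printing the value. The function name scan_properties and the message format are assumptions made for this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original page).
# Usage: scan_properties ./*.properties || exit 1
# Prints "file:line: <key> is not ENC(...)" for every username/password/key
# entry whose value is not entirely ENC(...). The value itself is never
# printed. Returns 1 if any such entry was found, 0 otherwise.
scan_properties() {
    awk '
        # Skip comment lines (# or !) and blank lines.
        /^[ \t]*[#!]/ || /^[ \t]*$/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # The key ends at the first "=", ":" or whitespace character.
            n = match(line, /[ \t=:]/)
            key   = n ? substr(line, 1, n - 1) : line
            value = n ? substr(line, n) : ""
            if (key != "username" && key != "password" && key != "key") next
            # Drop the separator and surrounding blanks (and a trailing CR).
            sub(/^[ \t]*[=:]?[ \t]*/, "", value)
            sub(/[ \t\r]+$/, "", value)
            # Anchored on both ends: "plainENC(x)" or "ENC(x)plain" is flagged.
            if (value !~ /^ENC[(][^()]+[)]$/) {
                printf "%s:%d: %s is not ENC(...)\n", FILENAME, FNR, key
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$@"
}
```
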
