Script security best practices in Bash Scripting - Practice Problems & Coding Challenges

Challenge - 5 Problems
💻 Command Output
intermediate
Output of a script with safe variable usage
What is the output of this bash script when run?

#!/bin/bash
user_input="; rm -rf /"
echo "Hello, $user_input!"
A. Hello, ; rm -rf /!
B. Hello, !
C. Syntax error
D. Command executed: rm -rf /
💡 Hint
Look at how the variable is used inside double quotes.
💻 Command Output
intermediate
Effect of unquoted variables in bash scripts
What happens when this script runs?

#!/bin/bash
user_input="file.txt; rm -rf /"
cat $user_input
A. Script exits silently with no output
B. Syntax error due to unquoted variable
C. Only contents of file.txt printed safely
D. Contents of file.txt printed, then system tries to run rm -rf / command
💡 Hint
Think about how the shell interprets unquoted variables with special characters.
📝 Syntax
advanced
Identify the secure way to read user input in bash
Which option securely reads user input into a variable without allowing command injection?
A. read user_input; echo $user_input
B. read user_input; eval "$user_input"
C. read user_input; echo "$user_input"
D. read user_input; bash -c "$user_input"
💡 Hint
Avoid running user input as code.
🔧 Debug
advanced
Debugging a script vulnerable to command injection
This script is vulnerable to command injection. Which option fixes it?

#!/bin/bash
filename=$1
cat $filename
A. cat "$filename"
B. cat $filename | grep -v rm
C. cat ${filename}
D. cat `echo $filename`
💡 Hint
Quoting variables prevents word splitting and command injection.
🚀 Application
expert
Secure script to safely handle filenames with spaces and special chars
You want to write a bash script that lists details of files given as arguments. Which script correctly handles filenames with spaces and special characters safely?
A.
#!/bin/bash
for file in $*; do
  ls -l "$file"
done
B.
#!/bin/bash
for file in "$@"; do
  ls -l "$file"
done
C.
#!/bin/bash
for file in "$*"; do
  ls -l "$file"
done
D.
#!/bin/bash
for file in $@; do
  ls -l $file
done
💡 Hint
Check how the script iterates over arguments and quotes variables.