Having Fun With 31.521 Shell Scripts
Authors
Abstract
Statically parsing shell scripts is, due to various peculiarities of the shell language, a challenge. One of the difficulties is that the shell language is designed to be executed by intertwining reading chunks of syntax with semantic actions. We have analyzed a corpus of 31.521 POSIX shell scripts occurring as maintainer scripts in the Debian GNU/Linux distribution. Our parser, which makes use of recent developments in parser generation technology, succeeds on 99.9% of the corpus. The architecture of our tool allows us to easily plug in various statistical analyzers on the syntax trees constructed from the shell scripts. The statistics obtained by our tool are the basis for the definition of a model which we plan to use in the future for the formal verification of scripts.
Similar resources
Compiling the uncompilable: A case for shell script compilation
Shells, as command interpreters, are the classical way for humans to interact with computing systems, and modern shell features have extended this basic functionality with higher-level programming language constructs. Although implementing compilation in these shell languages is generally unprofitable and intractable, many advantages, such as isolation, filesystem abstraction, security, portabi...
zymake: A Computational Workflow System for Machine Learning and Natural Language Processing
Experiments in natural language processing and machine learning typically involve running a complicated network of programs to create, process, and evaluate data. Researchers often write one or more UNIX shell scripts to “glue” together these various pieces, but such scripts are suboptimal for several reasons. Without significant additional work, a script does not handle recovering from failure...
A Formally Verified Interpreter for a Shell-Like Programming Language
The shell language is widely used for various system administration tasks on UNIX machines, as for instance as part of the installation process of software packages in FOSS distributions. Our mid-term goal is to analyze these scripts as part of an ongoing effort to use formal methods for the quality assurance of software distributions, to prove their correctness, or to pinpoint bugs. However, t...
The Effect of Pre-written Scripts on the Use of Simple Software Security Analysis Tools
In this paper we study the effect of integrating lightweight, open source, static code security analysis tools using Ruby and shell scripts. Particular emphasis is placed on the effect of tool usability by this approach. By scripts simple analysis methods could be created so that used tools themselves were able to remain completely hidden from the end user. Scripts were used for automatically f...
Injecting CSP for Fun and Security
Content Security Policy (CSP) defends against Cross Site Scripting (XSS) by restricting execution of JavaScript to a set of trusted sources listed in the CSP header. A high percentage (90%) of sites among the Alexa top 1,000 that deploy CSP use the keyword unsafe-inline, which permits all inline scripts to run—including attacker–injected scripts—making CSP ineffective against XSS attacks. We pr...