From: Jerry Peters on
Icarus Sparry <usenet(a)icarus.freeuk.com> wrote:
> On Fri, 05 Mar 2010 07:08:45 -0800, zy wrote:
>
>> I would like to list all the external programs that will be possibly
>> executed by a given bash script.
>>
>> Anyone knows a way to do this without messing with /bin/bash source
>> code?
>
> Not possible - unless you generate a list of every program on the machine.
>
> Consider what programs can be run by
>
> eval $(evil)
>
> this will take the output of the "evil" program and will use it as the
> command to run. Since you do not know all possible outputs of the "evil"
> program in advance, you can not see all the things that might possibly be
> executed.
>
> You could get an approximate list by attempting to parse the shell input,
> or even just doing pattern matching, so remove comments, remove strings
> and other quoted things, remove keywords, join continued lines, get the
> first word on each line or after a semicolon.
>
And after if, `, $(, &&, ||, and |.
But that's only the *obvious* commands.

Jerry
From: zy on
On Mar 6, 1:25 am, OldSchool <scott.my...(a)macys.com> wrote:
> On Mar 5, 10:08 am, zy <zyc...(a)gmail.com> wrote:
>
> > I would like to list all the external programs that will be possibly
> > executed by a given bash script.
>
> > Anyone knows a way to do this without messing with /bin/bash source
> > code?
>
> do you really mean "Given script xyz, I want to create a list of all
> non-builtin commands existing in that script?"

Yes , this is what I would like to
From: zy on
On Mar 6, 1:36 am, Icarus Sparry <use...(a)icarus.freeuk.com> wrote:
> On Fri, 05 Mar 2010 07:08:45 -0800, zy wrote:
> > I would like to list all the external programs that will be possibly
> > executed by a given bash script.
>
> > Anyone knows a way to do this without messing with /bin/bash source
> > code?
>
> Not possible - unless you generate a list of every program on the machine..
>
> Consider what programs can be run by
>
> eval $(evil)
>
> this will take the output of the "evil" program and will use it as the
> command to run. Since you do not know all possible outputs of the "evil"
> program in advance, you can not see all the things that might possibly be
> executed.
This is indeed a problem for the question. However, fortunately all
the script that I want to parse for the moment do not contain eval.

> You could get an approximate list by attempting to parse the shell input,
> or even just doing pattern matching, so remove comments, remove strings
> and other quoted things, remove keywords, join continued lines, get the
> first word on each line or after a semicolon.
I have tried this before posting. I find matching quotes correctly and
removing all the string a big task that I failed
From: Icarus Sparry on
On Fri, 05 Mar 2010 18:03:43 -0800, zy wrote:

> On Mar 6, 1:36 am, Icarus Sparry <use...(a)icarus.freeuk.com> wrote:
>> On Fri, 05 Mar 2010 07:08:45 -0800, zy wrote:
>> > I would like to list all the external programs that will be possibly
>> > executed by a given bash script.
>>
>> > Anyone knows a way to do this without messing with /bin/bash source
>> > code?
>>
>> Not possible - unless you generate a list of every program on the
>> machine.
>>
>> Consider what programs can be run by
>>
>> eval $(evil)
>>
>> this will take the output of the "evil" program and will use it as the
>> command to run. Since you do not know all possible outputs of the
>> "evil" program in advance, you can not see all the things that might
>> possibly be executed.
> This is indeed a problem for the question. However, fortunately all the
> script that I want to parse for the moment do not contain eval.

That does reduce the problem. Do you ever use variables to construct
commands - a contrived example might be

D=d
pw${D}

>> You could get an approximate list by attempting to parse the shell
>> input, or even just doing pattern matching, so remove comments, remove
>> strings and other quoted things, remove keywords, join continued lines,
>> get the first word on each line or after a semicolon.
> I have tried this before posting. I find matching quotes correctly and
> removing all the string a big task that I failed

The "lex" and related programs e.g. "flex" enable you to write compact
specifications to handle this kind of thing. Of course having spent a few
more seconds thinking about the issue I need to point out that you can
not remove strings unless you have determined that they are not in the
command position, as

"pwd" ; ls

will print out the current directory and then list the contents.
From: Janis Papanagnou on
Icarus Sparry wrote:
> On Fri, 05 Mar 2010 18:03:43 -0800, zy wrote:
>
>> On Mar 6, 1:36 am, Icarus Sparry <use...(a)icarus.freeuk.com> wrote:
>>> On Fri, 05 Mar 2010 07:08:45 -0800, zy wrote:
>>>> I would like to list all the external programs that will be possibly
>>>> executed by a given bash script.
>>>> Anyone knows a way to do this without messing with /bin/bash source
>>>> code?
>>> Not possible - unless you generate a list of every program on the
>>> machine.
>>>
>>> Consider what programs can be run by
>>>
>>> eval $(evil)
>>>
>>> this will take the output of the "evil" program and will use it as the
>>> command to run. Since you do not know all possible outputs of the
>>> "evil" program in advance, you can not see all the things that might
>>> possibly be executed.
>> This is indeed a problem for the question. However, fortunately all the
>> script that I want to parse for the moment do not contain eval.
>
> That does reduce the problem. Do you ever use variables to construct
> commands - a contrived example might be
>
> D=d
> pw${D}
>
>>> You could get an approximate list by attempting to parse the shell
>>> input, or even just doing pattern matching, so remove comments, remove
>>> strings and other quoted things, remove keywords, join continued lines,
>>> get the first word on each line or after a semicolon.
>> I have tried this before posting. I find matching quotes correctly and
>> removing all the string a big task that I failed
>
> The "lex" and related programs e.g. "flex" enable you to write compact
> specifications to handle this kind of thing. Of course having spent a few
> more seconds thinking about the issue I need to point out that you can
> not remove strings unless you have determined that they are not in the
> command position, as
>
> "pwd" ; ls
>
> will print out the current directory and then list the contents.

And combining those two, variables and strings, as in

D=d ; "pw$D"

but not

D=d ; "pw$D ; ls"

And depeding on the PATH resp. actual user

traceroute || echo no traceroute availabe

or just depending on the actual parameters

${1:-echo} args

I think the best approach would be to overlay the exec calls by an own
function that logs the function prior to exec'ing.

Janis