Ordoviz@lemmy.mltoGeneral Programming Discussion@lemmy.ml•How to audit a shell-completion script?
3·
1 year agoThe mojo, cpan and pip bash scripts don’t fail my test of “skimming over the source and looking for dangerous external commands like curl or rm
” (good syntax highlighting is helpful here). They look like typical completion scripts. However, if your Linux distribution has a pip completion script in their repos, prefer that one.
#!/bin/sh # Select a file with fzf from a database sorted by frecency and open it using # xdg-open. frece can be found at https://github.com/YodaEmbedding/frece DB_FILE=${FRECE_FILES_DB:-$HOME/.cache/frecent-files.csv} item=$(frece print "$DB_FILE" | fzf --tiebreak=index --scheme=path) [ -z "$item" ] && exit 1 frece increment "$DB_FILE" "$item" xdg-open "$item" #!/bin/sh # Update frece database DB_FILE=${FRECE_FILES_DB:-$HOME/.cache/frecent-files.csv} tmp_file=$(mktemp) fd -H . ~ > "$tmp_file" # use ~/.fdignore file to exclude certain dirs frece update "$DB_FILE" "$tmp_file" --purge-old rm "$tmp_file"