bahmanm@lemmy.ml to General Programming Discussion@lemmy.mlEnglish · 1 year ago

How to audit a shell-completion script?

bahmanm@lemmy.ml to General Programming Discussion@lemmy.mlEnglish · 1 year ago

I just stumbled upon a collection of bash completions which can be quite handy: https://github.com/perlpunk/shell-completions

I tried mojo, cpan and pip completions in a sandbox and they worked like a charm!

The only question I’ve got is, has anyone ever done a security audit of the repository? Anyone has taken the time to look at the code? I could try auditing but I’m not even sure what to look for.

I feel quite wary of letting an unknown source access to my bash session and what I type.

Chat

bahmanm@lemmy.mlOP
link
fedilink
English
arrow-up
1·
1 year ago
Thanks. At least I’ve got a few clues to look for when auditing such code.

General Programming Discussion@lemmy.ml

programming@lemmy.ml

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !programming@lemmy.ml

A general programming discussion community.

Rules:

Be civil.
Please start discussions that spark conversation

Other communities

Systems

Functional Programming

Also related

!opensource@lemmy.ml

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

2 users / day
33 users / week
170 users / month
608 users / 6 months
1 local subscriber
7.79K subscribers
309 Posts
426 Comments
Modlog