On Thu, Nov 09, 2023 at 08:09:23PM +0100, Steffen Nurpmeso wrote:
>   j() {
>     local j= a=${AWK:-awk}
>     [ $# -gt 0 ] && j='&& $2 !~ /(^| )('$(echo "$@" | tr ' ' '|')')( |$)/'
>     j=$(jobs -l | $a -F '[][]' '/^[[]/'"$j"'{print "%" $2}{next}')
>     echo $j
>   }

Classic code injection vulnerability.

What are we even parsing?  Start with the input:

unicorn:~$ sleep 5 &
[1] 849028
unicorn:~$ jobs -l
[1]+ 849028 Running                 sleep 5 &

OK, so you wanted to strip the "1" from "[1]" and turn that into "%1",
yes?  That shouldn't be terribly hard in pure bash.

    re='^\[([0-9]+)\]'
    jobspecs=()
    while IFS= read -r line; do
        if [[ $line =~ $re ]]; then
            jobspecs+=( "%${BASH_REMATCH[1]}" )
        fi
    done < <(jobs -l)

Wrap that in a function with local declarations, etc.
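
The wrapped function the reply describes, as an added example that is not part of the original message. It also restores the quoted function's exclusion arguments, but treats them as data (validated as decimal job numbers, then compared as literal strings) instead of splicing them into program text. The name `jobspecs_except`, reading `jobs -l` output on stdin, and the sample lines are assumptions made here.

```bash
#!/usr/bin/env bash
# Added example; jobspecs_except is a hypothetical name, not from the thread.
# Reads `jobs -l` output on stdin and prints "%N" for every job whose number
# is not listed in the arguments.
jobspecs_except() {
    local re='^\[([0-9]+)\]' num='^[0-9]+$'
    local line arg n skip=' '
    local -a jobspecs=()

    # Arguments are data, never code: accept plain job numbers only.
    for arg in "$@"; do
        if [[ $arg =~ $num ]]; then
            skip+="$arg "
        else
            printf 'jobspecs_except: not a job number: %q\n' "$arg" >&2
            return 2
        fi
    done

    while IFS= read -r line; do
        if [[ $line =~ $re ]]; then
            n=${BASH_REMATCH[1]}
            # Literal string comparison; nothing from "$@" is evaluated.
            [[ $skip == *" $n "* ]] || jobspecs+=( "%$n" )
        fi
    done
    printf '%s\n' "${jobspecs[*]}"
}

# Constructed sample in the `jobs -l` format shown above (not captured output).
sample_jobs='[1]   849028 Running                 sleep 5 &
[2]-  849031 Running                 sleep 50 &
[3]+  849040 Stopped                 vi notes'

jobspecs_except 2 <<<"$sample_jobs"      # prints: %1 %3
# Live use: jobspecs_except 2 < <(jobs -l)
```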
