Bash is just a shell that allows you to communicate with the computer and give it instructions. A script is basically just a set of instructions given to the computer to perform various useful tasks. A script helps you automate various tasks with the luxury of getting results faster than the normal process. Normally, you write a simple or advanced Bash command in the terminal, which is executed immediately. In Bash scripts, you can issue multiple statements or commands at once, and the computer executes them all only when you run the script. In short, a single Bash command can be executed in the terminal, but to execute a combination of multiple commands at once, you must create a Bash script. We mentioned below are the steps to use eval in Linux Bash Scripts.
Steps to use eval in Linux Bash Scripts
Use of eval
Step 1: Let’s run Bash commands through eval: Step 2: Let’s notice the expansion of the environment variable ‘USER’. /home/joeHello joeSun Mar 27 01:01:06 PM EDT 2022 Step 3: For more information, we should type help eval in the terminal.
Setting Variables in Current Shell
The eval built-in doesn’t spawn a child process. Therefore, we’re going to set variables for the current shell with it. Step 1: Let’s assume that the file ‘vars’ contains variable definitions: Step 2: Now, let’s put these variables into the current shell:
Variable Expansion in String
Step 1: Now, let’s substitute Bash variables embedded in a greeting template hello.txt: $ echo $foo $barFOO BAR Step 2: So let’s check:
Variable Indirection With eval
We’re going to define a Bash variable dynamically without knowing its name ahead. Step 1: So, let’s print the value of the last argument passed to the script last_arg: Step 2: Now, let’s test it: echo echo ”${$#}” # just for testeval echo ”${$#}” Step 3: Let’s catch that firstly we substitute the variable ‘#’. Its value is the number of arguments, 3 in our case. echo “${3}”foobar
Security Issues
When using eval, we should be aware of security issues it brings about. Step 1: Let’s consider a not safe variable indirection:
Basic String Sanitization With Double Quotes
Step 1: In the variable indirection cases, we should use double quotes as must-be protection: Hello all hello_from_evil.txt hello.txt vars
More Sanitization by Removing Content’s Quotes
Now let’s safely process the string from the hello_from_evil file. Step 1: First, let’s examine the eval‘s argument using echo instead: Step 2: So the culprit is a freed command separator. Step 3: Therefore, we’re going to remove all quotes using the replacement pattern ${content//”}:
Final Words
We hope you like our article on how to use eval in Linux Bash Scripts. By bash is meant not only the scripting language, but also the tools that come with the Linux operating system. Every single tool in Linux has its task and each one performs a different task individually. Bash is very useful whenever you need to combine all these tools and chain them together so that they all work in harmony to accomplish a task that is otherwise difficult to accomplish.
