From d57940dd2d9a798ad957bbebbc26adc1d906cbde Mon Sep 17 00:00:00 2001 From: David Coomber <47242934+dcoomber@users.noreply.github.com> Date: Sun, 6 Sep 2020 11:08:10 +0200 Subject: [PATCH] README.* cosmetic updates --- README.html | 10 +++++----- README.md | 10 +++++----- README.txt | 10 +++++----- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/README.html b/README.html index 8665698..e5d8ee0 100644 --- a/README.html +++ b/README.html @@ -92,16 +92,16 @@ Written by Drew (@topkecleon) and Kay M (@gnadelwartz).
Linted by #ShellCheck
Uses JSON.sh and the magic of sed.
-Even bashbot is written in bash, it depends on commands typically available in a Unix/Linux Environment. More concret on the common commands provided by recent versions of coreutils, busybox or toybox, see Developer Notes
+Even bashbot is written in bash, it depends on commands typically available in a Unix/Linux Environment. More concrete on the common commands provided by recent versions of coreutils, busybox or toybox, see Developer Notes
Note for MacOS and BSD Users: As bashbot heavily uses modern bash and (gnu) grep/sed features, bashbot will not run without installing additional software, see Install Bashbot
Bashbot Documentation and Downloads are available on www.github.com
For more Information on how to install, customize and use your new bot, read the Documentation
@@ -193,7 +193,7 @@ It features background tasks and interactive chats, and can serve as an interfacWhenever you are processing input from untrusted sources (messages, files, network) you must be as careful as possible, e.g. set IFS appropriate, disable globbing (set -f) and quote everything. In addition delete unused scripts and examples from your Bot, e.g. scripts 'notify', 'calc', 'question', and disable all not used commands.
Note: Up to version v0.941 (mai/22/2020) telegram-bot-bash had a remote code execution (RCE) bug, please update if you use an older version! see Issue #125
One of the most powerful features of unix shells is variable and command substitution using ${}
and $()
, but as they are expanded in double quotes, this can lead to RCE and information disclosing bugs in complex scripts like bashbot. So it's more secure to escape or remove '$' in input from user, files or network.
A powerful tool to improve your scripts is shellcheck
. You can use it online or install shellcheck locally. Shellcheck is used extensive in bashbot development to ensure a high code quality, e.g. it's not allowed to push changes without passing all shellcheck tests. In addition bashbot has a test suite to check if important functionality is working as expected.
A powerful tool to improve your scripts is shellcheck
. You can use it online or install shellcheck locally. Shellcheck is used extensively in bashbot development to ensure a high code quality, e.g. it's not allowed to push changes without passing all shellcheck tests. In addition bashbot has a test suite to check if important functionality is working as expected.
If you're writing a script and it is taking external input (from the user as arguments or file system...), you shouldn't use echo to display it. Use printf whenever possible
# very simple
diff --git a/README.md b/README.md
index 397d9af..e790ab2 100644
--- a/README.md
+++ b/README.md
@@ -14,7 +14,7 @@ Linted by [#ShellCheck](https://github.com/koalaman/shellcheck)
Uses [JSON.sh](http://github.com/dominictarr/JSON.sh) and the magic of sed.
Even bashbot is written in bash, it depends on commands typically available in a Unix/Linux Environment.
-More concret on the common commands provided by recent versions of [coreutils](https://en.wikipedia.org/wiki/List_of_GNU_Core_Utilities_commands), [busybox](https://en.wikipedia.org/wiki/BusyBox#Commands) or [toybox](https://landley.net/toybox/help.html), see [Developer Notes](doc/7_develop.md#common-commands)
+More concrete on the common commands provided by recent versions of [coreutils](https://en.wikipedia.org/wiki/List_of_GNU_Core_Utilities_commands), [busybox](https://en.wikipedia.org/wiki/BusyBox#Commands) or [toybox](https://landley.net/toybox/help.html), see [Developer Notes](doc/7_develop.md#common-commands)
*Note for MacOS and BSD Users:* As bashbot heavily uses modern bash and (gnu) grep/sed features, bashbot will not run without installing additional software, see [Install Bashbot](doc/0_install.md)
@@ -22,10 +22,10 @@ More concret on the common commands provided by recent versions of [coreutils](h
Bashbot [Documentation](https://github.com/topkecleon/telegram-bot-bash) and [Downloads](https://github.com/topkecleon/telegram-bot-bash/releases) are available on www.github.com
## Documentation
-* [Introdution to Telegram Bots](https://core.telegram.org/bots)
+* [Introduction to Telegram Bots](https://core.telegram.org/bots)
* [Install Bashbot](doc/0_install.md)
* Install release
- * Install from githup
+ * Install from github
* Update Bashbot
* Notes on Updates
* [Get Bottoken from Botfather](doc/1_firstbot.md)
@@ -99,7 +99,7 @@ You are Botadmin
/info
-his is bashbot, the Telegram bot written entirely in bash.
+This is bashbot, the Telegram bot written entirely in bash.
It features background tasks and interactive chats, and can serve as an interface for CLI programs.
```
For more Information on how to install, customize and use your new bot, read the [Documentation](#Documentation)
@@ -136,7 +136,7 @@ One of the most powerful features of unix shells is variable and command substit
but as they are expanded in double quotes, this can lead to RCE and information disclosing bugs in complex scripts like bashbot.
So it's more secure to escape or remove '$' in input from user, files or network.
-A powerful tool to improve your scripts is ```shellcheck```. You can [use it online](https://www.shellcheck.net/) or [install shellcheck locally](https://github.com/koalaman/shellcheck#installing). Shellcheck is used extensive in bashbot development to ensure a high code quality, e.g. it's not allowed to push changes without passing all shellcheck tests.
+A powerful tool to improve your scripts is ```shellcheck```. You can [use it online](https://www.shellcheck.net/) or [install shellcheck locally](https://github.com/koalaman/shellcheck#installing). Shellcheck is used extensively in bashbot development to ensure a high code quality, e.g. it's not allowed to push changes without passing all shellcheck tests.
In addition bashbot has a [test suite](doc/7_develop.md) to check if important functionality is working as expected.
### Use printf whenever possible
diff --git a/README.txt b/README.txt
index 24283eb..69f810c 100644
--- a/README.txt
+++ b/README.txt
@@ -19,7 +19,7 @@ Uses [JSON.sh](http://github.com/dominictarr/JSON.sh) and the magic of sed.
Even bashbot is written in bash, it depends on commands typically available in
a Unix/Linux Environment.
-More concret on the common commands provided by recent versions of
+More concrete on the common commands provided by recent versions of
[coreutils](https://en.wikipedia.org/wiki/List_of_GNU_Core_Utilities_commands),
[busybox](https://en.wikipedia.org/wiki/BusyBox#Commands) or
[toybox](https://landley.net/toybox/help.html), see [Developer
@@ -35,10 +35,10 @@ Bashbot [Documentation](https://github.com/topkecleon/telegram-bot-bash) and
available on www.github.com
## Documentation
-* [Introdution to Telegram Bots](https://core.telegram.org/bots)
+* [Introduction to Telegram Bots](https://core.telegram.org/bots)
* [Install Bashbot](doc/0_install.md)
* Install release
- * Install from githup
+ * Install from github
* Update Bashbot
* Notes on Updates
* [Get Bottoken from Botfather](doc/1_firstbot.md)
@@ -126,7 +126,7 @@ You are Botadmin
/info
-his is bashbot, the Telegram bot written entirely in bash.
+This is bashbot, the Telegram bot written entirely in bash.
It features background tasks and interactive chats, and can serve as an
interface for CLI programs.
```
@@ -184,7 +184,7 @@ network.
A powerful tool to improve your scripts is ```shellcheck```. You can [use it
online](https://www.shellcheck.net/) or [install shellcheck
locally](https://github.com/koalaman/shellcheck#installing). Shellcheck is used
-extensive in bashbot development to ensure a high code quality, e.g. it's not
+extensively in bashbot development to ensure a high code quality, e.g. it's not
allowed to push changes without passing all shellcheck tests.
In addition bashbot has a [test suite](doc/7_develop.md) to check if important
functionality is working as expected.