Whenever you are processing input from from untrusted sources (messages, files, network) you must be as carefull as possible, e.g. set IFS appropriate, disable globbing (set -f) and quote everthing. In addition delete unused scripts and examples from your Bot, e.g. scripts 'notify', 'calc', 'question', and disable all not used commands.
A powerful tool to improve your scripts is shellcheck. You can use it online or install shellcheck locally. Shellcheck is used extensive in bashbot development to enshure a high code quality, e.g. it's not allowed to push changes without passing all shellcheck tests. In addition bashbot has a test suite to check if important functionality is working as expected.
We stay with /bin/bash shebang, because using the system bash is more save from security perspective.
-It makes it harder for attackers and users to place alternative versions of bash and avoids using possibly broken, mangled or compromised bash executables.
+We stay with /bin/bash shebang, because it's more save from security perspective.
+Using the system provided bash makes it harder for attackers or users to place alternative versions of bash and avoids using possibly broken, mangled or compromised bash executables.
If you are a MacOS user or forced to use an alternative bash, see Install Bashbot
I recommend to run your bot as a user, with almost no access rights. All files your Bot have write access to are in danger to be overwritten/deleted if your bot is hacked. For the same reason ervery file your Bot can read is in danger to be disclosed. Restict your Bots access rigths to the absolute minimum.
@@ -228,6 +228,6 @@ It features background tasks and interactive chats, and can serve as an interfac@Gnadelwartz
If you feel that there's something missing or if you found a bug, feel free to submit a pull request!
-