When it is useful to use command strings ?
I dot' see any advantage of this command, where is it using ? For what ?
I wrote a little program, that u need to guess a password and thats all of my ideas where this command is useful.
Strings is used to Search and display the printable strings in a binary file.
Related
I'm writing a CLI using node and I've arrived at the part where I take user input and append it to a string that is the command for the child_process.exec function.
const CURL_CHILD = exec('npm view --json ' + process.argv[2] + ...
I am trying to figure out what I need to do to process.argv[2] before I pass it to the exec function. I've surfed around for a while and haven't found any questions or answers that address this specific case.
What is the best way to sanitize this user input for this particular use case? What is actually needed here?
Update
I'm still surfing around trying to learn and answer my own question and found this link which suggests I use js-string-escape (a node package). I'd really like to use something native/vanilla to do this. Does node have any tools for this?
Update 2
I finally stumbled upon the buzzwords "command injection" and found a slew of articles recommending the use of child_process.execFile or child_process.spawn. I'm still curious if there is a native way to sanitize the input, while still securing the full shell process created by child_process.exec. I am leaving this open in hopes someone can answer it.
Your user input arguments may contain variable chars that the shell is going to interpret them in its own way. So for instance, in Linux, $ has a special meaning.
If you want to use such argument as-is avoiding the shell interpretation, you have to escape them. The same we do with some special chars in HTML (eg. < and > has special meaning so we use to escape them in HTML like < and respectively >). The same applies here.
So the answer to your question is first to find out the special chars in your shell/environment and escape them.
A good rule of thumb is to escape chars like double-quote ", single-quote ', space , the dollar-sign $ (because it's an Illuminati symbol, right? ;-), the grave-accent ` and obviously the backslash \.
So let's suppose that your command is the one below. To escape it just use some simple regex like this:
cmd = "npm view --json " + process.argv[2];
escapedCmd = cmd.replace(/(["\s'$`\\])/g,'\\$1');
I hope it helps :-)
Try the npm package escape-it. Should work with *nix OSes, but has some support for Windows, too.
Until recently, I was under the impression that by convention, all Linux command options were required to be prefixed by a hyphen (-). So for example, the instruction ls –l executes the ls command with the l option (here we can see that the l option is prefixed by a hyphen).
Life was good until I got to the chapter of my Linux for beginners book that explained the ps command. There I learned that I could write something like ps u U xyz where as far as I can tell, theu and U are options that are not required to be prefixed by a hyphen. Normally, I would have expected to have to write that same command as something like ps –uU xyz to force the usage of a hyphen.
I realize that this is probably a stupid question but I was wondering if there is a particular reason as to why the ps command does not follow what I thought was the standard way of specifying command options (prefixing them with hyphens). Why the variation? Is there a particular meaning to specifying hyphen-less options like that?
There are a handful of old programs on Unix that were written when the conventions were not as widely adopted, and ps is one of them. Another example is tar, although it has since been updated to allow options both with and without the - prefix.
IMO the best practice concerning hyphenation is to use them as the default go-to. More times than not, they have accepted hyphen prefixes to most or all flags/options available for commands. Happy to be corrected if I am wrong in this instance. I am still new to this myself! :)
What is the vim short for this case?
A BCD_x 1.pdf A BCD_x 2.pdf
Desired output:
A BCD_x 1.pdf:::A BCD_x 2.pdf
You mean something like this?
:s/\s\(A\s\)/:::\1
Or how about this?
:s/\sA\#=/:::
Of course, as always with regexp search-and-replace everything depends on the particulars of your data. Of which you haven't given us much to work with.
I use Vim's spell checking to validate texts in Russian. We have letter ё in our alphabet which is often replaced with simple е. So, for example, word ёжик из written as ежик. It is a bad tone actually. Its like using - (hyphen) where — (em-dash) is required, like using "computer" quotes forgetting about existence of „typographic” «quotes», etc.
The bad thing is that spell dictionary for Vim composed out of simplified words with all ёs, replaced with еs. So I always get an error in a word with ё.
So the question, is there any hook I can use that will allow me to normalize a word just before it will be spell checked? Or maybe someone has a better idea? Thanks.
UPDATE
With the hint from #sarnold, I found the solution. One should use ru_yo locale instead of ru_ru if he wants ёёёёё
My first thought when reading your post was to suggest using zg to add the word to the spellfile; after a few weeks you'll have a lot of them. Not ideal, but simple.
:help spell-russian lists several different spelling variations, would one of these help?
I also notice in :help spell.txt that there are options for downloading your own spellfiles from OpenOffice or http://www.a-a-p.org to automate building spellfiles.
I would recommend you to use your own spell checking for vim. Use a method #2 explained here
Is there a way to search for multiple strings simultaneously in Vim? I recall reading somewhere that it was possible but somehow forgot the technique.
So for example, I have a text file and I want to search for "foo" and "bar" simultaneously (not necessarily as a single string, can be in different lines altogether).
How do I achieve that?
/^joe.*fred.*bill/ : find joe AND fred AND Bill (Joe at start of line)
/fred\|joe : Search for FRED OR JOE
Actually I found the answer soon after I posted this (yes I did google earlier but was unable to locate it. Probably was just searching wrong)
The right solution is
/(foo\|bar)
#Paul Betts: The pipe has to be escaped
Vim supports regular expressions by starting in command mode with a '/'.
So using something like "/(foo\|bar)" (as was stated before) would solve the problem. It's good to know why that works and what you are using (regular expressions).
/(foo|bar)