Post your handy utility scripts!

This is terrible practice. You see, the config file above is not TOML, because the TOML specification allows spaces around the equals signs. But if you place the spaces around it, it will break the script. That config file is actually a shell script, that’s why you can source it. So, its extension should reflect that, and not imply it is TOML, which it is not.

Or you should implement a TOML parser, which would be a proper, but rather stupid way to handle this problem.

1 Like

Usually in 99% of cases when a programming endeavour leads you to “write <insert_coin> parser” - you’re doing something terribly wrong :laughing:


Every time you’re reading some data, whether it is from a file, network, database, some sensor, or user input, you are doing some parsing. Often this is very trivial, but often you’re stuck with data in some given format which you need to parse.

In cases such as this, just using source script_file is fine, but in production code, that would be bad from a security point of view, because somebody could put malicious code inside that config file. That’s why I said that the proper way to handle it is to implement some sort of parser (so it might as well be TOML). In practice, however, that is stupid, because it takes a lot of effort, sacrifices performance, and is unnecessary as this is not production code and if you put malicious stuff into your config script, you’ve nobody but yourself to blame.

My only objection to the code above was about incorrectly indicating in the comments that the config file adheres to the TOML format, which it clearly doesn’t.

1 Like

You’re right. I initially wanted to include a proper parser, but then realized it was stupid. I simply forgot to change the extension.

1 Like

Can you explain what this means, please, so I can follow? Maybe system package, or similar?

If someone has write access to your system, and wants to trick you into running malicious code, wouldn’t they run it themselves?
If you source files in your $HOME folder, is it also bad practice?

It’s code meant to be run by “other” people, which means people you don’t necessarily know or trust. Users who see your code as some sort of a product, who are not necessarily interested in how it works, but expect it to be secure. It’s code that runs in circumstances that cannot be predicted, and encounters input that also cannot be predicted.

Using source config makes your code vulnerable to code injection. There are situations where this is a real security concern, and situations where it is not.

In this case, it obviously isn’t a concern, because you have complete control over the contents of this config file, like I said:

That’s why I said it would be stupid to do it “properly” by implementing a parser for the config file.

But let’s say this config file is sourced from somewhere else, like third-party online database. Or let’s say the script is run on your server and input is given by unknown users online. In cases like that, it’s a terrible idea to have the config as a shell script and execute it with source config. It’s the same thing as using eval in JavaScript to “parse” what is supposed to be input in JSON (but, unlike JSON, can include actual code to be executed). Do you see how, in such cases, this could give access to your system to people who otherwise wouldn’t have it?

I’m not saying that this is bad practice in general, just that one has to be aware that this opens the possibility for code injection.

What is always bad practice, without exception, is deceptive comments and file extensions. The reason why I even started this discussion is the fact that a shell script is misidentified as a TOML file. This is always bad practice. A TOML file is pretty harmless, a shell script can take over your computer. It should always be clear what is what.

2 Likes
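
The difference drawn in the posts above between sourcing a config and parsing it, as an added example that is not code from the thread: a small reader that treats `key = value` lines as data, accepts spaces around `=`, and never evaluates a value. The names `trim` and `cfg_get` and the sample files are made up for this illustration, and it handles only flat `key = value` lines, not full TOML.

```bash
#!/usr/bin/env bash
# Added example: read "key = value" settings as data; nothing is executed.

# Strip leading and trailing whitespace from $1.
trim() {
    local s="$1"
    s="${s#"${s%%[![:space:]]*}"}"
    s="${s%"${s##*[![:space:]]}"}"
    printf '%s' "$s"
}

# cfg_get FILE KEY: print KEY's value.
# Returns 0 if found, 1 if the key is absent, 2 if the file has a line that
# is not a comment, blank, or "key = value" (such a file is refused as a whole).
cfg_get() {
    local file="$1" want="$2" line key value found=1 result=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(trim "$line")
        case "$line" in ''|'#'*) continue ;; esac
        case "$line" in *=*) ;; *) return 2 ;; esac
        key=$(trim "${line%%=*}")
        value=$(trim "${line#*=}")
        # Keys may contain only letters, digits and underscores.
        case "$key" in ''|*[!A-Za-z0-9_]*) return 2 ;; esac
        # Drop one pair of surrounding double quotes; the rest stays literal.
        case "$value" in \"*\") value=${value#\"}; value=${value%\"} ;; esac
        if [ "$key" = "$want" ]; then result="$value"; found=0; fi
    done < "$file"
    [ "$found" -eq 0 ] && printf '%s\n' "$result"
    return "$found"
}

# Constructed sample input (not from the thread).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# backup settings
backup_dir = "/mnt/backup drive"
device=Motorola
label = $(echo INJECTED)
EOF
bad=$(mktemp)
printf '%s\n' 'device = Motorola' 'echo "a command, not a setting"' > "$bad"

cfg_get "$sample" backup_dir
cfg_get "$sample" label
cfg_get "$bad" device || echo "refused: line is not key = value"
```

The `label` value comes back as the literal text `$(echo INJECTED)`, and the second file is refused because one of its lines is a command rather than a setting.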

one I use every week with my normal Maintenance. Backup/upgrade.

#!/bin/bash

##############################
##### A Frog Bash Script #####
##############################
#####        @..@        #####
#####       (----)       #####
#####      (>____<)      #####
#####      ^^~~~~^^      #####
##############################

#/Name: tardroid
#/Description: Create a  Image of my Droid Memory Based on Device
#/Creation Date: January 08 2020
SCRIPT_VERSION=2.2.7

####################################################################
#Dependencies                                                      #
####################################################################
#adb tar rm tr sed
#Developer options implemented to your devices settings
#usb debugging turned on for phone and RSA signature approval.
####################################################################
#                           Updates                                #
####################################################################
#/ this section reserved for update notes.

#/ There have been several changes as the devices have changed but mostly minor adjustments. 
#/ This section has not been kept.
####################################################################
#Variables                                                         #
####################################################################
config_path=/home/thefrog/bin/etc
source ${config_path}/colors.config
source ${config_path}/common.config

#txticons used
# image attached. forum display

#Current Android Device Information
# If more than one device then this should be sourced in from external config. (ie... android.conf)
DEVICE_BRAND=Motorola
DEVICE_SERIAL_NUMBER=ZY22G76GM8
DEVICE_EXMEMORY=/storage/63DA-D050

# make sure adb is installed if adb is installed it will continue without
# errors
  ADB=`which adb`
  if [ -z "$ADB" ] ; then
    echo -e "${ERRCOLOR}${error_icon} ${CRITICAL} Expected Program Not Found ${Normal}"
    Sh_Exit
  fi
begin_msg="${ICONCOLOR}${tar_icon}${Normal} Tar File(s) Creation Started"
shend_msg="${ICONCOLOR}${tar_icon}${Normal} Tar File(s) Creation Completed"
Script_Message="${WORKCOLOR}${work_icon}   Working  ${Normal} ${TXTCOLOR} Pulling Files"
Mount_2_Check=${BACKUP_DRIVE}
dsn=`adb get-serialno | tr -d '\r\n\t /\\\' | sed '/^$/d'`
err_Exit=0
####################################################################
#Script Global Functions                                           #
####################################################################

function Script_Display
{

clear
echo -e "${TITLEBG}${TITLEFG}${TITLE_ICONS}${hosts_icon}  ${TITLEFG}$HOSTNAME                              ${TITLE_ICONS} ${android_icon}${TITLEFG} Android Backup                                    ${TITLE_ICONS}${version_icon} ${NUMBCOLOR}${SCRIPT_VERSION} ${Normal}"
echo -e "                             ${ICONCOLOR}${clock_icon}${NUMBCOLOR} `date '+%c'`${Normal}"
echo
echo -e "${ICONCOLOR} ${user_icon} ${TXTCOLOR} $USER                        ${ICONCOLOR} ${android_icon}${TXTCOLOR} ${DEVICE}${Normal}(${NUMBCOLOR}${dsn}${Normal})"
echo
echo -e ${Script_Message}
echo -e "Backup Path ${ICONCOLOR}${disc_icon} ${TXTCOLOR} ${BACKUP_DRIVE}/thefrog/Android/${DEVICE}"${Normal}
echo -e ${DIVIDER}
#exit
}

function Script_Exit
{
	
echo -e ${DIVIDER}
    #Decide if Exiting with error
	if [[ ${err_Exit} != 0 ]] ; then
		echo -e ${ER_MSG}
	else
		echo -e ${GB_MSG}
	fi
	#this command cleans all variables for each script session
	#exec env --ignore-environment /bin/bash 
	#use this command to unset just a few variables
	unset err_Exit DRIVE_MOUNTED current_state DRIVE_NOMOUNTED DEVICE_STATUS DEVICE exstorage ANDROID_UNAVALABLE
	adb kill-server
exit
}
	
function Script_Help
{
	echo "Help"
	Script_Exit
}

####################################################################
#/ User added Functions                                            #
####################################################################
function is_Drive_Mounted
{
#/simple function to check the status of a mount used in various scripts
	if grep -qs ${Mount_2_Check} /proc/mounts; then
        DRIVE_MOUNTED=1 #True
    else
		echo -e ${ERRCOLOR} ${error_icon}${Normal} ${DRIVE_NOMOUNTED}
		err_Exit=1
		Script_Exit
	fi

}

function get_DEVICE_STATUS
{

#simple function to determine if the device is "Online which will show as device"
#possible values of current_state: offline bootloader device unauthorized null
DEVICE_STATUS=`adb get-state | tr -d '\r\n\t /\\\' | sed '/^$/d'`
#DEVICE_STATUS=$current_state

    if [[ ${DEVICE_STATUS} != 'device' ]] ; then
		echo -e ${nodevice_icon}${ANDROID_UNAVALABLE}
        err_Exit=1
        Script_Exit
    fi
}


####################################################################
#Execute                                                           #
####################################################################
# first check and make sure the device is attached to the computer
# other wise exit with error message
get_DEVICE_STATUS #

# check to see if backup drive is mounted
# other wise exit with error message

is_Drive_Mounted


 if [[ ${dsn} = ${DEVICE_SERIAL_NUMBER} ]] ; then
	DEVICE=${DEVICE_BRAND}
	EXMEMORY=${DEVICE_EXMEMORY}
 fi
 
# set the backup path before creating its tmp directory
DEVICE_BUPATH=${BACKUP_DRIVE}/thefrog/Android/${DEVICE}
mkdir -p ${DEVICE_BUPATH}/tmp

Script_Display

echo -e "${ICONCOLOR}${android_icon}${Normal} ${TXTCOLOR} ${DEVICE} ${TXTCOLOR}Device:"${Normal}
echo -e "	${ICONCOLOR}${sdcard_icon}${Normal} ${TXTCOLOR} Pulling Internal Memory${Normal}"
adb pull /sdcard ${DEVICE_BUPATH}/tmp > /dev/null 2>&1
echo -e "	${ICONCOLOR}${sdcard_icon}${Normal}  ${TXTCOLOR}Pulling External Memory${Normal}"
adb pull ${EXMEMORY} ${DEVICE_BUPATH}/tmp > /dev/null 2>&1
#read -p "Enter to continue Ctrl+C to exit"
echo "Pull Stage completed."
#since the path [/storage] does not carry over in the pull process we have to remove it
exstorage=`echo ${EXMEMORY} | cut -c 9-`
cd ${DEVICE_BUPATH}
cp -Ru ${DEVICE_BUPATH}/tmp/${exstorage}/Backups/sms-calls ${BACKUP_DRIVE}/thefrog/Android/Backups/sms-calls/2023
Script_Message="${WORKCOLOR}${work_icon}   Working  ${Normal} ${TXTCOLOR}${begin_msg}"
Script_Display
echo -e "[${DEVICE}-${Normal}${NUMBCOLOR}`date +'%m-%d-%Y'`${Normal}]"
cd ${DEVICE_BUPATH}/tmp
tar cf ${BACKUP_DRIVE}/thefrog/Android/${DEVICE}/${DEVICE}-`date +'%m-%d-%Y'`.tar ${DEVICE_BUPATH}/tmp | 7z a ${BACKUP_DRIVE}/thefrog/Android/${DEVICE}/${DEVICE}-`date +'%m-%d-%Y'`.tar.7z
Script_Message="${ICONCOLOR}${workdone_icon} ${TXTCOLOR}${shend_msg}"
Script_Display
DROID_TAR=${DEVICE_BUPATH}/${DEVICE}-`date +'%m-%d-%Y'`.tar 
DROID_SIZE=`du -hs ${DROID_TAR} | awk '{print $1}'`
echo -e "[${DEVICE}-${NUMBCOLOR}`date +'%m-%d-%Y'`${Normal}]......"${NUMBCOLOR} ${DROID_SIZE}${Normal}
#cp ${DEVICE_BUPATH}/${DEVICE}-`date +'%m-%d-%Y'`.tar /${BACKUP_DRIVE}/thefrog/Android/${DEVICE}
rm -Rf ${DEVICE_BUPATH}/tmp
#rm  ${DEVICE_BUPATH}/${DEVICE}-`date +'%m-%d-%Y'`.tar
Script_Exit

geany shows you the actual images for the txticons

2 Likes

#!/bin/bash

# Let there be light!
COUNT=10000
printf -v BUFFER '%*s' $COUNT ' '
printf '\033[48;2;255;255;255m%s\n\033[0m' "$BUFFER"

When I can’t find something in my room, and I’m too lazy to switch on the lights…

1 Like

Wait, let me cross-post this on the Kali forums, those guys are pretty clever.
…I’ll make sure I explain to them I want to be an “hacker” first…that’s sure to get help :wink:

1 Like

I created a simple loop script to run a command multiple times. It’s not setting the world on fire but wanted to share with you. I don’t recommend making a function out of it, as it deals with eval and has no guards on variables. The script includes a small description and examples. I’m actually surprised that Bash doesn’t have a builtin loop command.

loop:

#!/usr/bin/env bash

# Run a command n-times or infinite times.
#   by Tuncay D. (thingsiplay)
#
# Usage: loop [N] COMMAND
#
#   If the first argument N is a number, then it will run the command that many
#   times. If N is not a number, then it will be interpreted as part of the
#   actual command and run indefinitely.
#
# Examples:
#
#   # Run command 3 times.
#   loop 3 echo hello wonderful person \&\& sleep 1
#
#   # Benchmark a command by running it 10 times without output.
#   time loop 10 grep -F [ ~/.* 1>/dev/null 2>/dev/null
#
#   # Watch until a file containing "abc" is created in home then stop.
#   loop 'sleep 1 ; ls ~/ | grep abc && echo found && exit'

int='^[0-9]+$'
if ! [[ ${1} =~ ${int} ]]; then
	while :; do
		eval ${*}
	done
else
	n="${1}"
	shift
	for _ in $(seq 1 "${n}"); do
		eval ${*}
	done
fi

1 Like

Just a simple alias in my .bashrc for eliminating “Orphan Programs” that’s easier to remember.

##############
# My Aliases
##############

alias anakin='sudo pacman -R $(pacman -Qdtq)'

3 Likes

Here are two more scripts. Both are building interactive menus and preview the content of the file/description in a small window while live searching. woman is a man explorer and yayqp is a description explorer of installed packages. I’m not the greatest at naming stuff.^^

yayqp:

#!/usr/bin/env bash

yay_preview() {
	yay -Qqil "${1}"
}

export -f yay_preview

yay_preview_output() {
	yay_preview "${1}" | less
	echo "\$ yay -Qqi ${1}"
	yay -Qqi "${1}"
}

export -f yay_preview_output

yay -Qq |
	grep -E -- "${1}" |
	fzf --preview 'yay_preview {}' \
		--no-sort \
		--reverse \
		--border rounded \
		--border-label ' [Query Packages] ' \
		--bind 'enter:execute(yay_preview_output {})'

woman:

#!/usr/bin/env bash

# Lookup section meaning in `man man`.
sections='1,8,6,5,7'

show_manual () {
    man -- "${1%% *}" 2> /dev/null
}
export -f show_manual

if selection=$(man -k . --sections="${sections}" \
               | sort -t ' ' -k 2,2 -k 1,1 \
               | fzf -q "${*}" \
                     --cycle \
                     --border=none \
                     --bind change:first \
                     --bind tab:down \
                     --bind shift-tab:up \
                     --bind esc:cancel+clear-selection \
                     --tiebreak=begin,chunk,length \
                     --reverse \
                     --preview='show_manual {}' \
                     --preview-window=down:70%:wrap:border-rounded)
then
    show_manual "${selection}"
fi

This does not remove all orphans. You will notice that you have to run this command several times.

Use

yay -Yc

or

paru -c

That’s intended. I find it more prudent to do it a bit at a time and pay attention to what’s actually getting removed.

My very small “script”

reboot_to_windows.sh:

#!/bin/bash
systemctl reboot --boot-loader-entry=auto-windows

bound to Ctrl+Super+Alt+W… for when I need to boot into Windows for some reason.
EDIT: for games which don’t run on Linux :cry:.

I’m really surprised to read you have Windows installed! :ghost: :joy:

Sorry, posting to a wrong person and place! :upside_down_face:

So happy to find this!
I was thinking it would be really good to have a post where we can share scripts. lol I’ve only got and used one which I found online lol whilst making my list of commands to delete duplicate lines.

Definitely will be looking through this thread later. You know what I really really want? I want a script which can search my whole computer for important configs that I’ve edited and individually put them into txt files so I can easily back up my configs. lol I tried for two days like literally (couple hrs sleep) to get chat to do it but my gosh chat chats a lot of c***

lol After that disaster decided I’m going to teach myself python. Would be a dream to get into DevOps so I know it’d be useful for that too.

%!python3.11 -c 'exec("import fileinput\nLINES = []\nfor line in fileinput.input():\n    line = line.splitlines()[0]\n    if line not in LINES:\n        print(line)\n        LINES.append(line)\n")'

Most configs should be in ~/.configs these should be all the configs you’ve edited. Making a command to back that up is fairly simple using either cp or rsync.
cp -r ~/. /destination/of/backup

3 Likes

Thank you very much! That was very kind of you.

Yeah thinking about it lol, (it’s good to think) you’re right. I mean I done the systemd reflector and network wait configs and logind. I think those would be the only one really maybe a couple more like pacman or the MAKEFLAGS, na list does get a tad longer environment variables.

I’ll try that out tho. Thank you!

lol I’ll tell you something stupid (was going to write funny, but it’s not, it’s stupid.)

Before reinstalling I’ve had a copy of my programs put into a file. When I’ve reinstalled lol I’ve typed each and every one of them into pacman -S . lol Just realised right now, there’s a way to do it without typing them in.

What I do is save the configs I use a lot in a git repo on Gitlab, that way I only have to pull them down if I do a reinstall and I’m done.