(CommandList children: [ (FuncDef name: err_exit body: (BraceGroup children: [ (C {(print)} {(-u2)} {(-n)} {(DQ (EscapedLiteralPart token:<Lit_EscapedChar "\\t">))}) (C {(print)} {(-u2)} {(-r)} {(${ VSub_Name Command) (Lit_Other "[") ($ VSub_Number "$1") (Lit_Other "]") (Lit_Other ":") } { (DQ (BracedVarSub token: <VSub_At "@"> suffix_op: (Slice begin:(ArithWord w:{(Lit_Digits 2)})) spids: [90 94] ) ) } ) (C {(let)} {(Lit_VarLike "Errors+=") (1)}) ] spids: [61] ) spids: [57 60] ) (C {(alias)} {(Lit_VarLike "err_exit=") (SQ <"err_exit $LINENO">)}) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:Command) op: Equal rhs: { (BracedVarSub token: <VSub_Number 0> suffix_op: (StringUnary op_id:VOp1_DPound arg_word:{("*") (Lit_Slash /)}) spids: [114 119] ) } spids: [113] ) ] spids: [113] ) (C {(integer)} {(Lit_VarLike "Errors=") (0)}) (AndOr children: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:tmp) op: Equal rhs: { (CommandSubPart command_list: (CommandList children:[(C {(mktemp)} {(-dt)})]) left_token: <Left_CommandSub "$("> spids: [128 132] ) } spids: [127] ) ] spids: [127] ) (BraceGroup children: [ (Sentence child: (C {(err_exit)} {(mktemp)} {(-dt)} {(failed)}) terminator: <Op_Semi ";"> ) (Sentence child:(C {(exit)} {(1)}) terminator:<Op_Semi ";">) ] spids: [136] ) ] op_id: Op_DPipe ) (C {(trap)} {(DQ ("cd /; rm -rf ") ($ VSub_Name "$tmp"))} {(EXIT)}) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:pwd) op:Equal rhs:{($ VSub_Name "$PWD")} spids:[167])] spids: [167] ) (Case to_match: {($ VSub_Name "$SHELL")} arms: [ (case_arm pat_list:[{(/) (Lit_Other "*")}] spids:[176178180-1]) (case_arm pat_list: [{(Lit_Other "*") (/) (Lit_Other "*")}] action: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:SHELL) op: Equal rhs: {($ VSub_Name "$pwd") (/) ($ VSub_Name "$SHELL")} spids: [187] ) ] spids: [187] ) ] spids: [182 185 191 -1] ) (case_arm pat_list: [{(Lit_Other "*")}] action: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:SHELL) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [(C {(whence)} {(DQ ($ VSub_Name "$SHELL"))})] ) left_token: <Left_CommandSub "$("> spids: [197 203] ) } spids: [196] ) ] spids: [196] ) ] spids: [193 194 204 -1] ) ] spids: [170 174 206] ) (FuncDef name: check_restricted body: (BraceGroup children: [ (C {(rm)} {(-f)} {(out)}) (SimpleCommand words: [{(rksh)} {(-c)} {(DQ ($ VSub_At "$@"))}] redirects: [ (Redir op_id:Redir_Great fd:2 arg_word:{(out)} spids:[233]) (Redir op_id:Redir_Great fd:-1 arg_word:{(/dev/null)} spids:[237]) ] more_env: [(env_pair name:LC_MESSAGES val:{(C)} spids:[222])] ) (SimpleCommand words: [{(grep)} {(restricted)} {(out)}] redirects: [ (Redir op_id:Redir_Great fd:-1 arg_word:{(/dev/null)} spids:[248]) (Redir op_id:Redir_GreatAnd fd:2 arg_word:{(1)} spids:[252]) ] ) ] spids: [212] ) spids: [208 211] ) (AndOr children: [ (DBracket expr: (BoolBinary op_id: BoolBinary_GlobNEqual left: {($ VSub_Name "$SHELL")} right: {(/) (Lit_Other "*")} ) ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:SHELL) op: Equal rhs: {($ VSub_Name "$pwd") (/) ($ VSub_Name "$SHELL")} spids: [271] ) ] spids: [271] ) ] op_id: Op_DAmp ) (AndOr children: [ (C {(cd)} {($ VSub_Name "$tmp")}) (C {(err_exit)} {(DQ ("cd ") ($ VSub_Name "$tmp") (" failed"))}) ] op_id: Op_DPipe ) (C {(ln)} {(-s)} {($ VSub_Name "$SHELL")} {(rksh)}) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:PATH) op: Equal rhs: {($ VSub_Name "$PWD") (Lit_Other ":") ($ VSub_Name "$PATH")} spids: [298] ) ] spids: [298] ) (AndOr children: [ (C {(rksh)} {(-c)} {(SQ <"[[ -o restricted ]]">)}) (C {(err_exit)} {(SQ <"restricted option not set">)}) ] op_id: Op_DPipe ) (AndOr children: [ (DBracket expr: (BoolBinary op_id: BoolBinary_GlobDEqual left: { (CommandSubPart command_list: (CommandList children:[(C {(rksh)} {(-c)} {(SQ <"print hello">)})]) left_token: <Left_CommandSub "$("> spids: [321 329] ) } right: {(hello)} ) ) (C {(err_exit)} {(SQ <"unable to run print">)}) ] op_id: Op_DPipe ) (AndOr children: [ (C {(check_restricted)} {(/bin/echo)}) (C {(err_exit)} {(SQ <"/bin/echo not resticted">)}) ] op_id: Op_DPipe ) (AndOr children: [(C {(check_restricted)} {(./echo)}) (C {(err_exit)} {(SQ <"./echo not resticted">)})] op_id: Op_DPipe ) (AndOr children: [ (C {(check_restricted)} {(SQ <"SHELL=ksh">)}) (C {(err_exit)} {(SQ <"SHELL asignment not resticted">)}) ] op_id: Op_DPipe ) (AndOr children: [ (C {(check_restricted)} {(SQ <"PATH=/bin">)}) (C {(err_exit)} {(SQ <"PATH asignment not resticted">)}) ] op_id: Op_DPipe ) (AndOr children: [ (C {(check_restricted)} {(SQ <"FPATH=/bin">)}) (C {(err_exit)} {(SQ <"FPATH asignment not resticted">)}) ] op_id: Op_DPipe ) (AndOr children: [ (C {(check_restricted)} {(SQ <"ENV=/bin">)}) (C {(err_exit)} {(SQ <"ENV asignment not resticted">)}) ] op_id: Op_DPipe ) (AndOr children: [ (C {(check_restricted)} {(SQ <"print > file">)}) (C {(err_exit)} {(SQ <"> file not restricted">)}) ] op_id: Op_DPipe ) (SimpleCommand redirects:[(Redir op_id:Redir_Great fd:-1 arg_word:{(empty)} spids:[439])]) (AndOr children: [ (C {(check_restricted)} {(SQ <"print <> empty">)}) (C {(err_exit)} {(SQ <"<> file not restricted">)}) ] op_id: Op_DPipe ) (SimpleCommand words: [{(print)} {(SQ <"echo hello">)}] redirects: [(Redir op_id:Redir_Great fd:-1 arg_word:{(script)} spids:[463])] ) (C {(chmod)} {(Lit_Other "+") (x)} {(./script)}) (AndOr children: [ (Pipeline children:[(C {(check_restricted)} {(script)})] negated:True) (C {(err_exit)} {(SQ <"script without builtins should run in restricted mode">)}) ] op_id: Op_DPipe ) (AndOr children: [ (C {(check_restricted)} {(./script)}) (C {(err_exit)} {(SQ <"script with / in name should not run in restricted mode">)}) ] op_id: Op_DPipe ) (SimpleCommand words: [{(print)} {(SQ <"/bin/echo hello">)}] redirects: [(Redir op_id:Redir_Great fd:-1 arg_word:{(script)} spids:[506])] ) (AndOr children: [ (Pipeline children:[(C {(check_restricted)} {(script)})] negated:True) (C {(err_exit)} {(SQ <"script with pathnames should run in restricted mode">)}) ] op_id: Op_DPipe ) (SimpleCommand words: [{(print)} {(SQ <"echo hello> file">)}] redirects: [(Redir op_id:Redir_Great fd:-1 arg_word:{(script)} spids:[530])] ) (AndOr children: [ (Pipeline children:[(C {(check_restricted)} {(script)})] negated:True) (C {(err_exit)} {(SQ <"script with output redirection should run in restricted mode">)}) ] op_id: Op_DPipe ) (SimpleCommand words: [{(print)} {(SQ <"PATH=/bin">)}] redirects: [(Redir op_id:Redir_Great fd:-1 arg_word:{(script)} spids:[554])] ) (AndOr children: [ (Pipeline children:[(C {(check_restricted)} {(script)})] negated:True) (C {(err_exit)} {(SQ <"script with PATH assignment should run in restricted mode">)}) ] op_id: Op_DPipe ) (SimpleCommand words: [{(cat)}] redirects: [ (Redir op_id:Redir_Great fd:-1 arg_word:{(script)} spids:[574]) (HereDoc op_id: Redir_DLess fd: -1 body: {(DQ ("#! ") ($ VSub_Name "$SHELL") ("\n") ("print hello\n"))} do_expansion: True here_end: "!" was_filled: True spids: [578] ) ] ) (AndOr children: [ (Pipeline children:[(C {(check_restricted)} {(SQ <"script;:">)})] negated:True) (C {(err_exit)} {(SQ <"script with #! pathname should run in restricted mode">)}) ] op_id: Op_DPipe ) (AndOr children: [ (Pipeline children:[(C {(check_restricted)} {(SQ <script>)})] negated:True) (C {(err_exit)} { (SQ < "script with #! pathname should run in restricted mode even if last command in script" > ) } ) ] op_id: Op_DPipe ) (ForEach iter_name: i iter_words: [{(PATH)} {(ENV)} {(FPATH)}] do_arg_iter: False body: (DoGroup children: [ (AndOr children: [ (C {(check_restricted)} {(DQ ("function foo { typeset ") ($ VSub_Name "$i") ("=foobar;};foo"))} ) (C {(err_exit)} {(DQ ($ VSub_Name "$i") (" can be changed in function by using typeset"))} ) ] op_id: Op_DPipe ) ] spids: [629 648] ) spids: [622 -1] ) (C {(exit)} { (ArithSubPart anode: (TernaryOp cond: (ArithBinary op_id: Arith_Less left: (ArithVarRef name:Errors) right: (ArithWord w:{(Lit_Digits 125)}) ) true_expr: (ArithVarRef name:Errors) false_expr: (ArithWord w:{(Lit_Digits 125)}) ) spids: [653 662] ) } ) ] )