Make a script bullet-proof by including error trapping code.
Including error trapping for Unix Scripting
The saying goes that nothing is foolproof, because fools are so ingenious. But it does not hurt to try to make your work as secure as possible. There are several situations where problems may arise when your shell scripts are executed:
Others use your scripts without reading documentation (if any was provided).
You forget the syntax that the script was designed to work with.
Input or files that the script works on are not formatting correctly or are corrupted.
All of these situations call for error trapping within your scripts. Error trapping refers to checking all possible error conditions and providing a path of action in the script, rather than letting the script “crash” or exit with an error when an expected problem occurs. Using error trapping is sometimes called making a script "bullet-proof".
Learning to anticipate all possible problems in any program is a difficult and time-consuming task. But considering the
cost of not doing it, the difficulties are best endured.
Security Dangers in scripts
Years ago, all the interactivity on the Web was provided by scripts running on the Web server. A user sent information in a form that the script processed. Most of the early security problems with the Web (this was before e-commerce) were caused by scripts that did not have effective error trapping. Data on a form contained extraneous characters that were interpreted as commands on the Web server, causing data loss, security breaches, or even a crashed server. Most of these scripts were written in Perl, but many of the same types of dangers exist with shell scripts.
Error-trapping examples
To show where error trapping would be useful, if not essential, we will refer to the section on looping from the outline created earlier:
This outline helps us to check for several possible errors or conditions that might endanger a bullet-proof script:
The file exists but cannot be read because it is a directory, special file, or the person running the script lacks sufficient permissions. Each case might produce a different error message. You must decide if the entire script should exit at that point, or if the loop should continue to process the next file.
The ID code that the user enters should be checked for valid syntax (according to what the dbconvert program accepts, in this example). This check might include the length, valid characters, uppercase or lowercase, and so on.
The result of the dbconvert program is already being tested in the above outline. Various possible error codes might result in different actions, such as skipping to the next file, exiting the script, or requesting a different ID code from the user and trying again with the same file.
Writing a record to the conversion log file might generate an error. Should this be ignored? Repeated in a different way? Cause the script to exit with an informative message?
Dealing with these questions involves adding more tests (if/then statements), writing error messages to the screen or a file, and sometimes jumping to a different part of the script. The nature of the script and its purposes within your organization will help you to answer questions that arise as you go through your own script outlines. The next lesson describes how you can make your script usable with multiple shells.
How is Error Trapping used when writing Shell Scripts?
Error trapping[1] is a technique used in shell scripting to handle errors and exceptions that may occur during the execution of a script. It allows the script to respond to errors in a graceful manner rather than simply crashing or producing incorrect output.
There are various ways to implement error trapping in shell scripts. One common approach is to use conditional statements such as if and else to check for errors and respond accordingly. For example, if a command fails to execute, the script can use the if statement to test the exit status of the command and then take appropriate action based on the result.
Another approach is to use the trap command to capture and handle errors. The trap command allows the script to specify a function that will be executed when a specified signal or error occurs. This function can then perform any necessary error handling, such as logging the error, notifying the user, or exiting the script gracefully.
In addition to these techniques, shell scripts can also use error messages and logging to provide more information about errors that occur. Error messages can be displayed to the user or written to a log file, and can include information such as the location of the error, the command that caused it, and any relevant context.
Overall, error trapping is an important aspect of shell scripting that helps ensure scripts are robust, reliable, and able to handle unexpected situations.
[1]
Error trapping: Defining actions (other than simply printing an error message) that should occur if an error is detected during the execution of a program.