Teri Radichel

grep not found results in error condition

This one bites hard

I was using the AWS CLI and outputting the results to a variable like this:

test=$(aws iam get-group-policy --profile Sandbox --policy-name XacctWebAdminGroupPolicy --group-name XacctWebAdmin | grep 111111111111)

What I wanted to know is if the specified account number exists in the policy. If the result was an empty string, I display an error.

if [ "$test" == "" ]; then echo "empty string"; fi

For some reason grep wasn’t returning an empty string when the value was not found. The script would simply fail on that line.

I was going in circles on this one simple line of code for hours. Why wasn’t I getting a variable with an empty string when the account number did not exist in the AWS policy? The script would just run up to that point and terminate.

I was beating my head against a wall so I started running all kinds of crazy tests. I searched every term I could think of. I tested for hidden characters in the output or my script.

After going to eat dinner and coming back and fiddling with it a bit more I decided to isolate the problem code. I printed out the command with the variables populated so I could run it there. When I reproduced the logic in my code it worked fine. Odd.

Then it hit me.

I was using the following at the top of my script:

#!/bin/bash -e 

I wanted the script to fail on error and not run any more lines of code. However, apparently when grep does not find a value it returns an error code that triggers the script to stop.

The problem with that is twofold.

One, it’s not a program error. It’s just an empty string or null result.

Two, there’s no error message. It seems like somewhere, someone is swallowing an error.

Either stop making it an error result or provide an error message. This is very confusing.

I’m using AWS Linux but I presume this is grep behavior.

🤷🏼‍♀️

Such a time wasting bug! And yes, I’m calling it a bug.

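To get around this problem, append || true to the command like this:

test=$(aws iam get-group-policy --profile Sandbox --policy-name XacctWebAdminGroupPolicy --group-name XacctWebAdmin | grep 111111111111 || true)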
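
The `|| true` workaround also hides real grep failures (exit status 2 or higher), so the following added example, which is not code from the original post, treats only status 1 as "not found". The `find_account` helper and the inline policy JSON are constructed for illustration and stand in for the `aws iam get-group-policy` output.

```shell
#!/bin/bash
set -e  # same effect as the "#!/bin/bash -e" line used in the post

# Constructed sample standing in for the `aws iam get-group-policy` output.
policy_json='{
  "PolicyDocument": {
    "Statement": [{
      "Effect": "Allow",
      "Action": "sts:AssumeRole",
      "Resource": "arn:aws:iam::111111111111:role/XacctWebAdmin"
    }]
  }
}'

# find_account (hypothetical helper): print the lines that mention an account ID.
# grep exits 0 on a match, 1 on no match, and 2 or higher on a real error
# (bad pattern, unreadable file). Only status 1 is treated as "not found";
# anything higher is reported and returned so -e still stops the script.
find_account() {
  local account_id="$1"
  local status=0
  local matches
  matches=$(printf '%s\n' "$policy_json" | grep -- "$account_id") || status=$?
  if [ "$status" -gt 1 ]; then
    echo "grep failed with status $status" >&2
    return "$status"
  fi
  printf '%s' "$matches"
}

# Account present: the variable holds the matching line.
found=$(find_account 111111111111)
# Account absent: the variable is empty and the script keeps running under -e.
missing=$(find_account 222222222222)

if [ "$missing" = "" ]; then echo "222222222222 is not in the policy"; fi
echo "111111111111 matched: $found"
```
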

Teri Radichel | © 2nd Sight Lab 2023