How to audit a shell-completion script?
How to audit a shell-completion script?
I just stumbled upon a collection of bash completions which can be quite handy: https://github.com/perlpunk/shell-completions
I tried mojo, cpan and pip completions in a sandbox and they worked like a charm!
The only question I've got is, has anyone ever done a security audit of the repository? Anyone has taken the time to look at the code? I could try auditing but I'm not even sure what to look for.
I feel quite wary of letting an unknown source access to my bash session and what I type.
You're viewing a single thread.
Auditing is nothing more than reading the code. Give it a read and make sure you understand everything it’s doing.
This is a great lesson on trust as well. I can tell you I did an audit and it all looks good but does that really have any value?
Agree w/ you re trust.