Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.8k views
in Technique[技术] by (71.8m points)

shell - Bash variable gets butchered when being inserted into cURL command

The first part of the script looks like:

curl -k -X POST -H "Content-Type: application/x-www-form-urlencoded" -H "Cache-Control: no-cache" -d 'username=username&password=password "https://get_token" >> token.txt
token=$(<'token.txt'$'
')
echo "$token"

The output from echo $token looks fine(417 characters):

eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyTVd0bGo4Y1VPYW8xNmdZTlV4QWlFS3RLcTc1b2JsSEN0c3hKWnlxeExCTkRKb1wvKzNSK1l5XC9YUFhoWExLaytJRVdKSE5CTE9MZmxPNksxemFjYXVlM0t1NnFIQjNRXC9QeUxzUTdVSmVOYk9pS3FDeHhcLzk1dz09IiwibmJmIjoxNDgzOTg5NjgwLCJpc3MiOiJwaHgtcmVtc3QtMDAzIiwiX2NhY2hlSWQiOjE0MzA0OCwiZXhwIjoxNDgzOTkzNDAwLCJpYXQiOjE0ODM5ODk4MDAsImp0aSI6IklER0FBNVYwR1pNU0pBTzk5QlVXTzhOMDY5VlRGTiJ9.H3vD-WfZBFXOII4k-cy7Ey2QM9YXytp31m9-Huj9vKw

Let's see what happens when I try to insert the token into the next part of the script.

echo curl -k -X POST -H "Content-Type: application/json" -H "Authorization: AR-JWT "$token"" -H "Cache-Control: no-cache" -d '{?
??"values":{
??????
????"First_Name": "John",
??? "Last_Name": "Doe",
??}
}? ' "https://randomurl.com"

Here is the output:

curl -k -X POST -H Content-Type: application/json -H Authorization: AR-JWT eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyTVd0bGo4Y1VPYW8xNmdZTlV4QWlFS3RLcTc1b2JsSEN0c3hKWnlxeExCTkRKb1wvKzNSK1l5XC9YUFhoWExLaytJRVdKSE5CTE9MZmxPNksxemFjYXVlM0t1NnFIQjNRXC9QeUxzUTdVSmVOYk9pS3FDeHhcLzk1dz0 -H Cache-Control: no-cache -d {?OiJwaHgtcmVtc3QtMDAzIiwiX2NhY2hlSWQiOjE0MzA0OCwiZXhwIjoxNDgzOTkzNDAwLCJpYXQiOjE0ODM5ODk4MDAsImp0aSI6IklER0FBNVYwR1pNU0pBTzk5QlVXTzhOMDY5VlRGTiJ9.H3vD-WfZBFXOII4k-cy7Ey2QM9YXytp31m9-Huj9vKw
??"values":{
??????
????"First_Name": "John",
??? "Last_Name": "Doe",
??}
}?  https://randomurl.com

2 Things happen when the token is passed in

  • "9IiwibmJmIjoxNDgzOTg5NjgwLCJpc3Mi" within the token gets deleted

  • The 2nd half of the token(After the deleted part) gets inserted into the body

What I've tried:

  • Using a different token
  • Use token without passing it into a file first
  • Moving the Authorization header before the URL

All of these results in the same behavior.

I'm using cygwin64 on Windows 7 When the second cURL command is typed with full token in the correct space into cygwin, it works no problem

Output when set-x is added to the script:

$ ./variable_testing.sh
+ ./variable_testing.sh
+ token=$'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyTVd0bGo4Y1VPYW8xNmdZTlV4QWlFS3RLcTc1b2JsSEN0c3hKWnlxeExCTkRKb1wvKzNSK1l5XC9YUFhoWExLaytJRVdKSE5CTE9MZmxPNksxemFjYXVlM0t1NnFIQjNRXC9QeUxzUTdVSmVOYk9pS3FDeHhcLzk1dz09IiwibmJmIjoxNDgzOTg5NjgwLCJpc3MiOiJwaHgtcmVtc3QtMDAzIiwiX2NhY2hlSWQiOjE0MzA0OCwiZXhwIjoxNDgzOTkzNDAwLCJpYXQiOjE0ODM5ODk4MDAsImp0aSI6IklER0FBNVYwR1pNU0pBTzk5QlVXTzhOMDY5VlRGTiJ9.H3vD-WfZBFXOII4k-cy7Ey2QM9YXytp31m9-Huj9vKw
'
+ echo $'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyTVd0bGo4Y1VPYW8xNmdZTlV4QWlFS3RLcTc1b2JsSEN0c3hKWnlxeExCTkRKb1wvKzNSK1l5XC9YUFhoWExLaytJRVdKSE5CTE9MZmxPNksxemFjYXVlM0t1NnFIQjNRXC9QeUxzUTdVSmVOYk9pS3FDeHhcLzk1dz09IiwibmJmIjoxNDgzOTg5NjgwLCJpc3MiOiJwaHgtcmVtc3QtMDAzIiwiX2NhY2hlSWQiOjE0MzA0OCwiZXhwIjoxNDgzOTkzNDAwLCJpYXQiOjE0ODM5ODk4MDAsImp0aSI6IklER0FBNVYwR1pNU0pBTzk5QlVXTzhOMDY5VlRGTiJ9.H3vD-WfZBFXOII4k-cy7Ey2QM9YXytp31m9-Huj9vKw

'
eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyTVd0bGo4Y1VPYW8xNmdZTlV4QWlFS3RLcTc1b2JsSEN0c3hKWnlxeExCTkRKb1wvKzNSK1l5XC9YUFhoWExLaytJRVdKSE5CTE9MZmxPNksxemFjYXVlM0t1NnFIQjNRXC9QeUxzUTdVSmVOYk9pS3FDeHhcLzk1dz09IiwibmJmIjoxNDgzOTg5NjgwLCJpc3MiOiJwaHgtcmVtc3QtMDAzIiwiX2NhY2hlSWQiOjE0MzA0OCwiZXhwIjoxNDgzOTkzNDAwLCJpYXQiOjE0ODM5ODk4MDAsImp0aSI6IklER0FBNVYwR1pNU0pBTzk5QlVXTzhOMDY5VlRGTiJ9.H3vD-WfZBFXOII4k-cy7Ey2QM9YXytp31m9-Huj9vKw
+ echo curl -k -X POST -H '"Content-Type:' 'application/json"' -H '"Authorization:' AR-JWT 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyTVd0bGo4Y1VPYW8xNmdZTlV4QWlFS3RLcTc1b2JsSEN0c3hKWnlxeExCTkRKb1wvKzNSK1l5XC9YUFhoWExLaytJRVdKSE5CTE9MZmxPNksxemFjYXVlM0t1NnFIQjNRXC9QeUxzUTdVSmVOYk"' -H '"Cache-Control:' 'no-cache"' -d '{?LCJpc3MiOiJwaHgtcmVtc3QtMDAzIiwiX2NhY2hlSWQiOjE0MzA0OCwiZXhwIjoxNDgzOTkzNDAwLCJpYXQiOjE0ODM5ODk4MDAsImp0aSI6IklER0FBNVYwR1pNU0pBTzk5QlVXTzhOMDY5VlRGTiJ9.H3vD-WfZBFXOII4k-cy7Ey2QM9YXytp31m9-Huj9vKw
??"values":{
??????
????"First_Name": "John",
??? "Last_Name": "Doe",
??}
}? ' $'https://randomurl.com
'
curl -k -X POST -H "Content-Type: application/json" -H "Authorization: AR-JWT eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyTVd0bGo4Y1VPYW8xNmdZTlV4QWlFS3RLcTc1b2JsSEN0c3hKWnlxeExCTkRKb1wvKzNSK1l5XC9YUFhoWExLaytJRVdKSE5CTE9MZmxPNksxemFjYXVlM0t1NnFIQjNRXC9QeUxzUTdVSmVOYk9pS3FDeHhcLzk1" -H "Cache-Control: no-cache" -d {?OiJwaHgtcmVtc3QtMDAzIiwiX2NhY2hlSWQiOjE0MzA0OCwiZXhwIjoxNDgzOTkzNDAwLCJpYXQiOjE0ODM5ODk4MDAsImp0aSI6IklER0FBNVYwR1pNU0pBTzk5QlVXTzhOMDY5VlRGTiJ9.H3vD-WfZBFXOII4k-cy7Ey2QM9YXytp31m9-Huj9vKw
??"values":{
??????
????"First_Name": "John",
??? "Last_Name": "Doe",
??}
}?  https://randomurl.com

Full, simplified script that that displays output above

#!/bin/bash
set -x logs
token="eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyTVd0bGo4Y1VPYW8xNmdZTlV4QWlFS3RLcTc1b2JsSEN0c3hKWnlxeExCTkRKb1wvKzNSK1l5XC9YUFhoWExLaytJRVdKSE5CTE9MZmxPNksxemFjYXVlM0t1NnFIQjNRXC9QeUxzUTdVSmVOYk9pS3FDeHhcLzk1dz09IiwibmJmIjoxNDgzOTg5NjgwLCJpc3MiOiJwaHgtcmVtc3QtMDAzIiwiX2NhY2hlSWQiOjE0MzA0OCwiZXhwIjoxNDgzOTkzNDAwLCJpYXQiOjE0ODM5ODk4MDAsImp0aSI6IklER0FBNVYwR1pNU0pBTzk5QlVXTzhOMDY5VlRGTiJ9.H3vD-WfZBFXOII4k-cy7Ey2QM9YXytp31m9-Huj9vKw"
echo "$token"
echo curl -k -X POST -H "Content-Type: application/json" -H "Authorization: AR-JWT $token" -H "Cache-Control: no-cache" -d '{?
??"values":{
??????
????"First_Name": "John",
??? "Last_Name": "Doe",
??}
}? ' "https://randomurl.com"
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

First: Your token currently has literal CRs in it -- the apparent butchering is caused by those CRs being printed in your echo output, moving the cursor back to the beginning of the line so parts of your token get overwritten with later content. To eliminate them, you can either convert the file into UNIX text format (and ensure that there aren't CRs in any of the commands generating that file), or you can use:

token=$(<token.txt)    # read token.txt into "token" variable
token=${token//$'
'/} # strip CRs from token variable

If you want to pass the Authorization header to curl as a single word, don't end and reinitialize your quotes; keep that single argument inside one set of syntactic quotes.

-H "Authorization: AR-JWT $token"

Finally, make sure your script itself is in UNIX format -- that your editor isn't saving it with DOS newlines.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...