I'm looking for a configuration file format that feels safe to use without the risk of executing code when sourced. Currently, I'm using JSON alongside jq, but I've been considering YAML. However, I can't really justify installing yq just for that purpose. I could also parse a simple text file if that would work, but I'm not sure what the best approach would be for key-value pairs. Any suggestions?
4 Answers
Have you thought about using TOML? It allows comments, which JSON lacks. Sure, YAML could get the job done, but its strict whitespace rules can be tricky, and it sometimes feels like an overcomplicated markup language.
If all you need is key-value pairs, parsing a text file would work just fine! It’s super straightforward. Here’s a simple approach:
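```bash
# test.txt contains:
#   foo=bar
declare -A ary   # declare as associative, otherwise the key is treated as an arithmetic index
while IFS='=' read -r key value; do
    ary["$key"]=$value
done < test.txt
declare -p ary
```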
This gives you a nice associative array, and you can check out a similar method on Stack Overflow.
You might want to add a line to skip comments in your loop: `[[ $key == *#* ]] && continue`.
Here’s my version:
```bash
# -r keeps backslashes in the input literal
while read -r KEY VALUE; do
    [[ "$KEY" == *#* ]] && continue;
    # Handle your data here
done
```
What are you trying to achieve exactly? If you're only sourcing files that you control, there's probably not much risk involved. Could you share a snippet of your script that handles the sourcing?

But if you can't install yq, what’s your plan for parsing TOML?
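The key=value approach from the answers above, written out as an added example that is not part of any post in this thread: the file is read strictly as data, keys are restricted to plain identifiers, and values are stored verbatim, so text that would run a command under `source` stays an inert string. The names `CONFIG`, `load_config` and `sample_config` and the sample lines are made up for this example.

```bash
#!/usr/bin/env bash
# Added example: read KEY=VALUE settings as data only (never `source` or `eval`).
# CONFIG, load_config and sample_config are names made up for this example.

# load_config: parse KEY=VALUE lines from stdin into the global associative
# array CONFIG. Returns 1 if any line was rejected, 0 otherwise.
load_config() {
    local line key value lineno=0 rc=0
    local skip_re='^[[:space:]]*(#.*)?$'      # blank line or comment
    local key_re='^[A-Za-z_][A-Za-z0-9_]*$'   # keys must be plain identifiers
    declare -gA CONFIG=()                     # needs bash >= 4.2
    while IFS= read -r line || [[ -n $line ]]; do
        lineno=$((lineno + 1))
        line=${line%$'\r'}                    # tolerate CRLF line endings
        [[ $line =~ $skip_re ]] && continue
        key=${line%%=*} value=${line#*=}      # split on the first '=' only
        # Trim surrounding whitespace with parameter expansion (no subshells).
        key=${key#"${key%%[![:space:]]*}"};       key=${key%"${key##*[![:space:]]}"}
        value=${value#"${value%%[![:space:]]*}"}; value=${value%"${value##*[![:space:]]}"}
        if [[ $line != *=* || ! $key =~ $key_re ]]; then
            printf 'line %d rejected: %q\n' "$lineno" "$line" >&2
            rc=1
            continue
        fi
        CONFIG[$key]=$value                   # stored verbatim, never expanded
    done
    return "$rc"
}

# Constructed sample input: one value would run a command if the file were
# sourced, and two lines are malformed.
sample_config() {
    cat <<'EOF'
# app settings
name = demo app
host=$(hostname)
url=https://example.test/?a=b
not a key=1
justaword
EOF
}

load_config <<< "$(sample_config)" || echo "some lines were rejected" >&2
declare -p CONFIG
```

In a script this would be called as `load_config < app.conf` (file name hypothetical), with settings read as `${CONFIG[name]}`.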