Bash printf Safe String Formatting and %q Quoting Prompt
Replace fragile echo calls with printf for locale-stable, injection-resistant string building and %q shell-quoting
- Target user: DevOps engineers and SREs generating commands, config, and logs from shell
- Difficulty: Intermediate
- Tools: Claude, ChatGPT, Cursor
The prompt
You are a senior Bash engineer auditing a script for unsafe string handling. Convert fragile `echo` usage to `printf` and use `%q` to produce shell-safe, re-executable output.
1. Scan the source I provide below for every `echo` that prints variable data, builds a command line, emits config, or writes a log line, and flag each as a portability or injection risk (note that `echo "$x"` mangles values like `-n`, `-e`, and backslashes depending on the shell and `xpg_echo`).
2. Replace each flagged call with `printf '%s\n' "[VALUE]"` for plain output; never let user/variable data land in the format string itself — it must always be an argument matched by a conversion specifier.
3. Wherever the script generates a command, path, or argument that will later be eval'd, sourced, logged-for-replay, or passed to ssh/sudo, emit it with `printf '%q ' "[ARG]"` (or `${var@Q}` on Bash 4.4+) so special characters are safely shell-quoted and the output can be pasted back verbatim.
4. Use `printf` field controls for structured output: zero-padded IDs with `%05d`, aligned columns with `%-20s`, and the "recycling" behavior where one format string is reused across a list of arguments — show an example building a fixed-width report from an array.
5. For any locale-sensitive formatting (decimals, thousands separators), set `LC_ALL=C` for machine-readable output so the script does not break on locales that use a comma decimal separator.
6. Validate numeric inputs before `%d`/`%f` so a non-numeric `[VALUE]` cannot trigger a printf format error mid-run.
Output format: return (a) the rewritten script in a single fenced ```bash block, (b) a table of each original echo, its risk, and the printf replacement, and (c) one example of `%q` round-trip output proving it re-parses to the original value.
Guardrail: the transformation must be behavior-preserving and idempotent for already-safe values — re-running the audit on the converted script must produce no further changes, and no variable data may ever be interpolated into a printf format string.
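As an added example (not the page's own prompt output and not any project's code), here is the shape of rewrite the six steps ask for, exercised on constructed sample values; `say`, `quote_cmd`, `roundtrip_ok`, `fmt_id` and `report` are hypothetical helper names, and `roundtrip_ok` is the round-trip proof that output item (c) requires.

```bash
#!/usr/bin/env bash
# Added example (not part of the prompt page): the printf idioms the prompt
# asks for, exercised on constructed sample values.
set -euo pipefail

# Step 2: plain output. Data is always an argument, never the format string,
# so a value such as "-n" or "100%" prints verbatim and cannot abort printf.
say() { printf '%s\n' "$@"; }

# Step 3: build a re-executable command line, one %q-quoted word per argument.
quote_cmd() {
    local out="" arg
    for arg in "$@"; do
        out+="$(printf '%q' "$arg") "
    done
    printf '%s\n' "${out% }"
}

# Output item (c): round-trip proof. Re-parse the quoted line with eval and
# check that every word comes back byte-for-byte identical to the original.
roundtrip_ok() {
    local -a orig=("$@") back=()
    local quoted i
    quoted=$(quote_cmd "${orig[@]}")
    eval "back=($quoted)"
    [[ ${#back[@]} -eq ${#orig[@]} ]] || return 1
    for ((i = 0; i < ${#orig[@]}; i++)); do
        [[ ${back[i]} == "${orig[i]}" ]] || return 1
    done
}

# Step 6: validate before %d. Leading zeros are rejected too, because bash's
# printf reads "08" as octal and errors out mid-run.
is_int() { [[ $1 =~ ^-?(0|[1-9][0-9]*)$ ]]; }
fmt_id() { is_int "$1" || return 1; printf '%05d' "$1"; }

# Steps 4 and 5: fixed-width report. The format is recycled once per
# id/name/amount triple; LC_ALL=C pins the decimal point for machine readers.
report() { LC_ALL=C printf '%05d %-12s %8.2f\n' "$@"; }

# Constructed sample data: words that break naive concatenation or eval.
sample_args=('deploy.sh' 'my file.txt' '$(echo injected)' "it's" '' '-n')
main() {
    say "quoted: $(quote_cmd "${sample_args[@]}")"
    roundtrip_ok "${sample_args[@]}" && say "round-trip: ok"
    report 7 alice 3.14159 42 'bob smith' 1000
    fmt_id abc || say "rejected non-numeric id"
}
main
```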
Why this prompt works
echo is the single most portability-hostile builtin in shell: whether it interprets -n, -e, or backslash escapes depends on the shell, the xpg_echo shopt, and even how the binary was compiled. A value as innocent as -n or \t can vanish or transform without warning. This prompt replaces that guesswork with printf '%s\n', whose behavior is specified and identical everywhere, and it enforces the one rule that makes printf safe — variable data is always an argument, never part of the format string. That single discipline closes a real format-string injection vector where a stray % in user input can abort the script or leak argument data.
The %q requirement targets a subtler and more dangerous problem: scripts that build command lines for eval, ssh, sudo, or replay logs. Naive concatenation of a path containing spaces, quotes, or $(...) is a command-injection waiting to happen. By having the model emit those fragments through printf %q (or ${var@Q}), every special character is shell-quoted so the output re-parses to exactly the original value — the prompt even demands a round-trip proof, turning a claim into a test. The LC_ALL=C instruction prevents the classic locale bug where a German or French locale formats 3.14 as 3,14 and silently corrupts machine-readable output.
Because the prompt asks for a risk table and an idempotency guardrail, the result is auditable and stable rather than a one-shot rewrite that someone has to re-review by hand. It turns “we use echo everywhere” into a defensible, locale-stable, injection-resistant output layer — the kind of change that quietly removes a whole category of incidents from a fleet of automation scripts.
Related prompts
- Bash Word-Splitting and Quoting Hardening Prompt: Audit and rewrite a Bash script to eliminate unquoted-expansion bugs, unsafe word splitting, and glob injection while preserving intended behavior.
- Bash Script Code Review Prompt: Get a senior-engineer review of any Bash script — safety, idempotency, error handling, portability.
- Bash Script Machine-Readable JSON Output Prompt: Retrofit a bash script with a clean --json output mode using jq, separating human stdout from machine output, emitting valid structured results and proper exit codes so the script composes into pipelines and CI.