(command.CommandList
  children: [
    (command.ShFunction
      name: err_exit
      body: 
        (BraceGroup
          left: <Id.Lit_LBrace '{'>
          children: [
            (C {<print>} {<-u2>} {<-n>} {(DQ <Id.Lit_BadBackslash '\\'> <t>)})
            (C {<print>} {<-u2>} {<-r>} 
              {(${ Id.VSub_Name Command) <Id.Lit_LBracket '['> ($ Id.VSub_Number 1) 
                <Id.Lit_RBracket ']'> <Id.Lit_Colon ':'>
              } 
              {
                (DQ 
                  (braced_var_sub
                    left: <Id.Left_DollarBrace '${'>
                    token: <Id.VSub_At '@'>
                    var_name: '@'
                    suffix_op: (suffix_op.Slice begin:{<Id.Lit_Digits 2>})
                    right: <Id.Arith_RBrace _>
                  )
                )
              }
            )
            (C {<let>} {<Id.Lit_VarLike 'Errors+='> <1>})
          ]
          redirects: []
          right: <Id.Lit_RBrace '}'>
        )
    )
    (C {<alias>} {<Id.Lit_VarLike 'err_exit='> (SQ <'err_exit $LINENO'>)})
    (command.ShAssignment
      pairs: [
        (assign_pair
          lhs: (sh_lhs_expr.Name left:<Id.Lit_VarLike 'Command='> name:Command)
          op: assign_op.Equal
          rhs: 
            {
              (braced_var_sub
                left: <Id.Left_DollarBrace '${'>
                token: <Id.VSub_Number 0>
                var_name: 0
                suffix_op: 
                  (suffix_op.Unary
                    op: <Id.VOp1_DPound '##'>
                    arg_word: {<Id.Lit_Other '*'> <Id.Lit_Slash '/'>}
                  )
                right: <Id.Right_DollarBrace '}'>
              )
            }
          spids: [114]
        )
      ]
      redirects: []
    )
    (C {<integer>} {<Id.Lit_VarLike 'Errors='> <0>})
    (command.AndOr
      ops: [Id.Op_DPipe]
      children: [
        (command.ShAssignment
          pairs: [
            (assign_pair
              lhs: (sh_lhs_expr.Name left:<Id.Lit_VarLike 'tmp='> name:tmp)
              op: assign_op.Equal
              rhs: 
                {
                  (command_sub
                    left_token: <Id.Left_DollarParen '$('>
                    child: (C {<mktemp>} {<-dt>})
                    right: <Id.Eof_RParen _>
                  )
                }
              spids: [128]
            )
          ]
          redirects: []
        )
        (BraceGroup
          left: <Id.Lit_LBrace '{'>
          children: [
            (command.Sentence
              child: (C {<err_exit>} {<mktemp>} {<-dt>} {<failed>})
              terminator: <Id.Op_Semi _>
            )
            (command.Sentence
              child: (command.ControlFlow token:<Id.ControlFlow_Exit exit> arg_word:{<1>})
              terminator: <Id.Op_Semi _>
            )
          ]
          redirects: []
          right: <Id.Lit_RBrace '}'>
        )
      ]
    )
    (C {<trap>} {(DQ <'cd /; rm -rf '> ($ Id.VSub_DollarName tmp))} {<EXIT>})
    (command.ShAssignment
      pairs: [
        (assign_pair
          lhs: (sh_lhs_expr.Name left:<Id.Lit_VarLike 'pwd='> name:pwd)
          op: assign_op.Equal
          rhs: {($ Id.VSub_DollarName PWD)}
          spids: [168]
        )
      ]
      redirects: []
    )
    (command.Case
      to_match: {($ Id.VSub_DollarName SHELL)}
      arms: [
        (case_arm pat_list:[{<'/'> <Id.Lit_Star '*'>}] action:[] spids:[177 179 181 -1])
        (case_arm
          pat_list: [{<Id.Lit_Star '*'> <'/'> <Id.Lit_Star '*'>}]
          action: [
            (command.ShAssignment
              pairs: [
                (assign_pair
                  lhs: (sh_lhs_expr.Name left:<Id.Lit_VarLike 'SHELL='> name:SHELL)
                  op: assign_op.Equal
                  rhs: {($ Id.VSub_DollarName pwd) <'/'> ($ Id.VSub_DollarName SHELL)}
                  spids: [188]
                )
              ]
              redirects: []
            )
          ]
          spids: [183 186 192 -1]
        )
        (case_arm
          pat_list: [{<Id.Lit_Star '*'>}]
          action: [
            (command.ShAssignment
              pairs: [
                (assign_pair
                  lhs: (sh_lhs_expr.Name left:<Id.Lit_VarLike 'SHELL='> name:SHELL)
                  op: assign_op.Equal
                  rhs: 
                    {
                      (command_sub
                        left_token: <Id.Left_DollarParen '$('>
                        child: (C {<whence>} {(DQ ($ Id.VSub_DollarName SHELL))})
                        right: <Id.Eof_RParen _>
                      )
                    }
                  spids: [197]
                )
              ]
              redirects: []
            )
          ]
          spids: [194 195 205 -1]
        )
      ]
      redirects: []
    )
    (command.ShFunction
      name: check_restricted
      body: 
        (BraceGroup
          left: <Id.Lit_LBrace '{'>
          children: [
            (C {<rm>} {<-f>} {<out>})
            (command.Simple
              words: [{<rksh>} {<-c>} {(DQ ($ Id.VSub_At '@'))}]
              redirects: [
                (redir op:<Id.Redir_Great '2>'> loc:(redir_loc.Fd fd:2) arg:{<out>})
                (redir
                  op: <Id.Redir_Great '>'>
                  loc: (redir_loc.Fd fd:1)
                  arg: {<'/dev/null'>}
                )
              ]
              more_env: []
              do_fork: T
            )
            (command.Simple
              words: [{<grep>} {<restricted>} {<out>}]
              redirects: [
                (redir
                  op: <Id.Redir_Great '>'>
                  loc: (redir_loc.Fd fd:1)
                  arg: {<'/dev/null'>}
                )
                (redir op:<Id.Redir_GreatAnd '2>&'> loc:(redir_loc.Fd fd:2) arg:{<1>})
              ]
              more_env: []
              do_fork: T
            )
          ]
          redirects: []
          right: <Id.Lit_RBrace '}'>
        )
    )
    (command.AndOr
      ops: [Id.Op_DAmp]
      children: [
        (command.DBracket
          expr: 
            (bool_expr.Binary
              op_id: Id.BoolBinary_GlobNEqual
              left: {($ Id.VSub_DollarName SHELL)}
              right: {<'/'> <Id.Lit_Other '*'>}
            )
          redirects: []
        )
        (command.ShAssignment
          pairs: [
            (assign_pair
              lhs: (sh_lhs_expr.Name left:<Id.Lit_VarLike 'SHELL='> name:SHELL)
              op: assign_op.Equal
              rhs: {($ Id.VSub_DollarName pwd) <'/'> ($ Id.VSub_DollarName SHELL)}
              spids: [269]
            )
          ]
          redirects: []
        )
      ]
    )
    (command.AndOr
      ops: [Id.Op_DPipe]
      children: [
        (C {<cd>} {($ Id.VSub_DollarName tmp)})
        (C {<err_exit>} {(DQ <'cd '> ($ Id.VSub_DollarName tmp) <' failed'>)})
      ]
    )
    (C {<ln>} {<-s>} {($ Id.VSub_DollarName SHELL)} {<rksh>})
    (command.ShAssignment
      pairs: [
        (assign_pair
          lhs: (sh_lhs_expr.Name left:<Id.Lit_VarLike 'PATH='> name:PATH)
          op: assign_op.Equal
          rhs: {($ Id.VSub_DollarName PWD) <Id.Lit_Colon ':'> ($ Id.VSub_DollarName PATH)}
          spids: [296]
        )
      ]
      redirects: []
    )
    (command.AndOr
      ops: [Id.Op_DPipe]
      children: [
        (C {<rksh>} {<-c>} {(SQ <'[[ -o restricted ]]'>)})
        (C {<err_exit>} {(SQ <'restricted option not set'>)})
      ]
    )
    (command.AndOr
      ops: [Id.Op_DPipe]
      children: [
        (command.DBracket
          expr: 
            (bool_expr.Binary
              op_id: Id.BoolBinary_GlobDEqual
              left: 
                {
                  (command_sub
                    left_token: <Id.Left_DollarParen '$('>
                    child: (C {<rksh>} {<-c>} {(SQ <'print hello'>)})
                    right: <Id.Eof_RParen _>
                  )
                }
              right: {<hello>}
            )
          redirects: []
        )
        (C {<err_exit>} {(SQ <'unable to run print'>)})
      ]
    )
    (command.AndOr
      ops: [Id.Op_DPipe]
      children: [
        (C {<check_restricted>} {<'/bin/echo'>})
        (C {<err_exit>} {(SQ <'/bin/echo not resticted'>)})
      ]
    )
    (command.AndOr
      ops: [Id.Op_DPipe]
      children: [(C {<check_restricted>} {<'./echo'>}) (C {<err_exit>} {(SQ <'./echo not resticted'>)})]
    )
    (command.AndOr
      ops: [Id.Op_DPipe]
      children: [
        (C {<check_restricted>} {(SQ <'SHELL=ksh'>)})
        (C {<err_exit>} {(SQ <'SHELL asignment not resticted'>)})
      ]
    )
    (command.AndOr
      ops: [Id.Op_DPipe]
      children: [
        (C {<check_restricted>} {(SQ <'PATH=/bin'>)})
        (C {<err_exit>} {(SQ <'PATH asignment not resticted'>)})
      ]
    )
    (command.AndOr
      ops: [Id.Op_DPipe]
      children: [
        (C {<check_restricted>} {(SQ <'FPATH=/bin'>)})
        (C {<err_exit>} {(SQ <'FPATH asignment not resticted'>)})
      ]
    )
    (command.AndOr
      ops: [Id.Op_DPipe]
      children: [
        (C {<check_restricted>} {(SQ <'ENV=/bin'>)})
        (C {<err_exit>} {(SQ <'ENV asignment not resticted'>)})
      ]
    )
    (command.AndOr
      ops: [Id.Op_DPipe]
      children: [
        (C {<check_restricted>} {(SQ <'print > file'>)})
        (C {<err_exit>} {(SQ <'> file not restricted'>)})
      ]
    )
    (command.Simple
      words: []
      redirects: [(redir op:<Id.Redir_Great '>'> loc:(redir_loc.Fd fd:1) arg:{<empty>})]
      more_env: []
      do_fork: F
    )
    (command.AndOr
      ops: [Id.Op_DPipe]
      children: [
        (C {<check_restricted>} {(SQ <'print <> empty'>)})
        (C {<err_exit>} {(SQ <'<> file not restricted'>)})
      ]
    )
    (command.Simple
      words: [{<print>} {(SQ <'echo hello'>)}]
      redirects: [(redir op:<Id.Redir_Great '>'> loc:(redir_loc.Fd fd:1) arg:{<script>})]
      more_env: []
      do_fork: T
    )
    (C {<chmod>} {<Id.Lit_Other '+'> <x>} {<'./script'>})
    (command.AndOr
      ops: [Id.Op_DPipe]
      children: [
        (command.Pipeline
          children: [(C {<check_restricted>} {<script>})]
          negated: T
          stderr_indices: []
        )
        (C {<err_exit>} {(SQ <'script without builtins should run in restricted mode'>)})
      ]
    )
    (command.AndOr
      ops: [Id.Op_DPipe]
      children: [
        (C {<check_restricted>} {<'./script'>})
        (C {<err_exit>} {(SQ <'script with / in name should not run in restricted mode'>)})
      ]
    )
    (command.Simple
      words: [{<print>} {(SQ <'/bin/echo hello'>)}]
      redirects: [(redir op:<Id.Redir_Great '>'> loc:(redir_loc.Fd fd:1) arg:{<script>})]
      more_env: []
      do_fork: T
    )
    (command.AndOr
      ops: [Id.Op_DPipe]
      children: [
        (command.Pipeline
          children: [(C {<check_restricted>} {<script>})]
          negated: T
          stderr_indices: []
        )
        (C {<err_exit>} {(SQ <'script with pathnames should run in restricted mode'>)})
      ]
    )
    (command.Simple
      words: [{<print>} {(SQ <'echo hello> file'>)}]
      redirects: [(redir op:<Id.Redir_Great '>'> loc:(redir_loc.Fd fd:1) arg:{<script>})]
      more_env: []
      do_fork: T
    )
    (command.AndOr
      ops: [Id.Op_DPipe]
      children: [
        (command.Pipeline
          children: [(C {<check_restricted>} {<script>})]
          negated: T
          stderr_indices: []
        )
        (C {<err_exit>} {(SQ <'script with output redirection should run in restricted mode'>)})
      ]
    )
    (command.Simple
      words: [{<print>} {(SQ <'PATH=/bin'>)}]
      redirects: [(redir op:<Id.Redir_Great '>'> loc:(redir_loc.Fd fd:1) arg:{<script>})]
      more_env: []
      do_fork: T
    )
    (command.AndOr
      ops: [Id.Op_DPipe]
      children: [
        (command.Pipeline
          children: [(C {<check_restricted>} {<script>})]
          negated: T
          stderr_indices: []
        )
        (C {<err_exit>} {(SQ <'script with PATH assignment should run in restricted mode'>)})
      ]
    )
    (command.Simple
      words: [{<cat>}]
      redirects: [
        (redir op:<Id.Redir_Great '>'> loc:(redir_loc.Fd fd:1) arg:{<script>})
        (redir
          op: <Id.Redir_DLess '<<'>
          loc: (redir_loc.Fd fd:0)
          arg: 
            (redir_param.HereDoc
              here_begin: {<Id.KW_Bang '!'>}
              here_end_span_id: 584
              stdin_parts: [<'#! '> ($ Id.VSub_DollarName SHELL) <'\n'> <'print hello\n'>]
            )
        )
      ]
      more_env: []
      do_fork: T
    )
    (command.AndOr
      ops: [Id.Op_DPipe]
      children: [
        (command.Pipeline
          children: [(C {<check_restricted>} {(SQ <'script;:'>)})]
          negated: T
          stderr_indices: []
        )
        (C {<err_exit>} {(SQ <'script with #! pathname should run in restricted mode'>)})
      ]
    )
    (command.AndOr
      ops: [Id.Op_DPipe]
      children: [
        (command.Pipeline
          children: [(C {<check_restricted>} {(SQ <script>)})]
          negated: T
          stderr_indices: []
        )
        (C {<err_exit>} 
          {
            (SQ 
              <
'script with #! pathname should run in restricted mode even if last command in script'
              >
            )
          }
        )
      ]
    )
    (command.ForEach
      iter_names: [i]
      iterable: (for_iter.Words words:[{<PATH>} {<ENV>} {<FPATH>}])
      body: 
        (command.DoGroup
          children: [
            (command.AndOr
              ops: [Id.Op_DPipe]
              children: [
                (C {<check_restricted>} 
                  {(DQ <'function foo { typeset '> ($ Id.VSub_DollarName i) <'=foobar;};foo'>)}
                )
                (C {<err_exit>} 
                  {(DQ ($ Id.VSub_DollarName i) <' can be changed in function by using typeset'>)}
                )
              ]
            )
          ]
        )
      redirects: []
    )
    (command.ControlFlow
      token: <Id.ControlFlow_Exit exit>
      arg_word: {(word_part.ArithSub anode:($ Id.Lit_ArithVarLike Errors))}
    )
  ]
)