author | Wolfgang Müller | 2021-03-10 16:34:39 +0100 |
---|---|---|
committer | Wolfgang Müller | 2021-03-10 16:56:23 +0100 |
commit | d9d6e019633142d7f58fa35d08f297f8e0604fa9 (patch) | |
tree | 717af24a3b16f65ea8ac8b48e4684b09fdf15430 | |
parent | 0a549b991db4d40a2e5281e39b77a23745f8d3d6 (diff) | |
download | bosun-d9d6e019633142d7f58fa35d08f297f8e0604fa9.tar.gz |
Improve and harden list_active

An upcoming commit will introduce support for the BOSUN_DIR environment
variable that allows users (and, crucially, the upcoming test suite) to
override the default role directory. Since we have previously assumed
that we are in full control of STOW_DIR, we now have to be more careful.

Revamp list_active such that the sed invocation no longer gets any user
input. This should protect against any nefarious contents in BOSUN_DIR.

The new approach used by list_active relies on 'realpath', a GNU-only
coreutils program, and its '--relative-base' option which prints
absolute paths unless they are below a given directory. This allows us
to filter symbolic links that do not point to a path within BOSUN_DIR.

-rwxr-xr-x | bosun | 15 |
1 files changed, 8 insertions, 7 deletions
@@ -61,13 +61,14 @@ list() { } list_active() { - # Note: we de not escape any special characters in $STOW_DIR since it is - # assumed we are in full control of its contents. - # XXX: -r for xargs is a GNU extension - find "$STOW_DIR/.." -type l -print0 2>/dev/null \ - | xargs -r0 readlink -f \ - | sed -n ":^$STOW_DIR: s:^$STOW_DIR/\([^/]\+\)/.*:\1:p" \ - | sort -u + real=$(realpath "$STOW_DIR") + cd "$STOW_DIR/.." || exit 1 + + # XXX: GNU extensions: -print0 for find, -r -0 for xargs + # XXX: GNU only: realpath + find -type l -print0 2>/dev/null \ + | xargs -r0 realpath -e --relative-base "$real" 2>/dev/null \ + | sed '/^\//d' | cut -d/ -f1 | sort -u } list_all() { |
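Review bot: The `xargs -r0 realpath -e --relative-base "$real"` stage reads NUL-delimited names but writes newline-delimited output, so a symlink whose resolved path contains a newline produces an extra line that does not start with `/`, survives `sed '/^\//d'`, and is reported by `cut -d/ -f1` as a role name. Since the change exists to stop trusting what is under BOSUN_DIR, consider keeping the stream NUL-delimited through the filter (`realpath -z`, with `-z` on `sed`, `cut` and `sort`, all GNU extensions like the ones already noted in the XXX comments) and converting to newlines only at the end. Two smaller points in the added lines: `realpath "$STOW_DIR"` and `cd "$STOW_DIR/.."` pass the variable without a preceding `--`, so a value beginning with `-` would be parsed as an option, and the exit status of the `real=$(realpath ...)` assignment is not checked. Also, because the function body is a `{ ... }` group, the `cd` and the `exit 1` act on the calling shell unless every caller invokes it in a command substitution; wrapping the body in a subshell would keep the directory change local.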