From d9d6e019633142d7f58fa35d08f297f8e0604fa9 Mon Sep 17 00:00:00 2001 From: Wolfgang Müller Date: Wed, 10 Mar 2021 16:34:39 +0100 Subject: Improve and harden list_active An upcoming commit will introduce support for the BOSUN_DIR environment variable that allows users (and, crucially, the upcoming test suite) to override the default role directory. Since we have previously assumed that we are in full control of STOW_DIR, we now have to be more careful. Revamp list_active such that the sed invocation no longer gets any user input. This should protect against any nefarious contents in BOSUN_DIR. The new approach used by list_active relies on 'realpath', a GNU-only coreutils program, and its '--relative-base' option which prints absolute paths unless they are below a given directory. This allows us to filter symbolic links that do not point to a path within BOSUN_DIR. --- bosun | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/bosun b/bosun index d8d0168..5d651a3 100755 --- a/bosun +++ b/bosun @@ -61,13 +61,14 @@ list() { } list_active() { - # Note: we de not escape any special characters in $STOW_DIR since it is - # assumed we are in full control of its contents. - # XXX: -r for xargs is a GNU extension - find "$STOW_DIR/.." -type l -print0 2>/dev/null \ - | xargs -r0 readlink -f \ - | sed -n ":^$STOW_DIR: s:^$STOW_DIR/\([^/]\+\)/.*:\1:p" \ - | sort -u + real=$(realpath "$STOW_DIR") + cd "$STOW_DIR/.." || exit 1 + + # XXX: GNU extensions: -print0 for find, -r -0 for xargs + # XXX: GNU only: realpath + find -type l -print0 2>/dev/null \ + | xargs -r0 realpath -e --relative-base "$real" 2>/dev/null \ + | sed '/^\//d' | cut -d/ -f1 | sort -u } list_all() { -- cgit v1.2.3-2-gb3c3