kiss: sanitize user input when needed

2024-12-25 16:40:07 -07:00 · 2019-10-01 22:34:34 +03:00 · 2019-10-01 22:34:34 +03:00 · 0f7b3adfd7
commit 0f7b3adfd7
parent f16d3ca3e4
1 changed files with 11 additions and 0 deletions
--- a/11
+++ b/11
@ -845,6 +845,17 @@ args() {
    # arguments despite trapping the error ('|| :').
    shift "$(($# > 0 ? 1 : 0))"

+    # Unless this is a search, sanitize the user's input. The call to
+    # 'pkg_find()' supports basic globbing, ensure input doesn't expand
+    # to anything except for when this behavior is needed.
+    [ "$action" != search ] && [ "$action" != s ] &&
+        case $* in
+            *[!a-zA-Z0-9_-]*)
+                log kiss "$action $*"
+                die "Arguments contain invalid characters"
+            ;;
+        esac
+
    # Parse some arguments earlier to remove the need to duplicate code.
    case $action in
        c|checksum|s|search)