kiss: Stricter argument validation
parent
28f991039b
commit
d5e79e49b6
29
kiss
29
kiss
|
@ -422,6 +422,7 @@ pkg_order() {
|
||||||
for pkg do case $pkg in
|
for pkg do case $pkg in
|
||||||
/*.tar.*) deps="$deps $pkg" ;;
|
/*.tar.*) deps="$deps $pkg" ;;
|
||||||
*.tar.*) deps="$deps $ppwd/$pkg" ;;
|
*.tar.*) deps="$deps $ppwd/$pkg" ;;
|
||||||
|
*/*) die "Invalid argument: '/!*[]' ($pkg)" ;;
|
||||||
*) pkg_depends "$pkg" raw
|
*) pkg_depends "$pkg" raw
|
||||||
esac done
|
esac done
|
||||||
|
|
||||||
|
@ -1467,14 +1468,26 @@ args() {
|
||||||
action=$1
|
action=$1
|
||||||
shift "$(($# != 0))"
|
shift "$(($# != 0))"
|
||||||
|
|
||||||
# Unless this is a search, sanitize the user's input. The call to
|
# Ensure that arguments do not contain invalid characters. Wildcards can
|
||||||
# 'pkg_find()' supports basic globbing, ensure input doesn't expand
|
# not be used here as they would conflict with kiss extensions.
|
||||||
# to anything except for when this behavior is needed.
|
case $action in
|
||||||
#
|
a|alternatives)
|
||||||
# This handles the globbing characters '*', '!', '[' and ']' as per:
|
case $1 in */*|*\**|*\!*|*\[*|*\]*)
|
||||||
# https://pubs.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html
|
die "Invalid argument: '/!*[]' ($1)"
|
||||||
[ "${action##[aos]*}" ] && case "$*" in *\**|*\!*|*\[*|*\]*)
|
esac
|
||||||
die "Arguments contain invalid characters: '!*[]' ($*)"
|
;;
|
||||||
|
|
||||||
|
b|build|c|checksum|d|download|l|list|r|remove)
|
||||||
|
case $* in */*|*\**|*\!*|*\[*|*\]*)
|
||||||
|
die "Arguments contain invalid characters: '/!*[]' ($*)"
|
||||||
|
esac
|
||||||
|
;;
|
||||||
|
|
||||||
|
i|install)
|
||||||
|
case $* in *\**|*\!*|*\[*|*\]*)
|
||||||
|
die "Arguments contain invalid characters: '!*[]' ($*)"
|
||||||
|
esac
|
||||||
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
# CRUX style usage using the current directory as the name of the package
|
# CRUX style usage using the current directory as the name of the package
|
||||||
|
|
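Review bot: The three `case` patterns added to `args()` reject `/`, `*`, `!`, `[` and `]` but not `?`, which is also a POSIX pattern character, so an argument such as `foo?` still reaches the lookup that the removed comment described as glob-capable; adding `*\?*` to each list (e.g. `case $* in */*|*\**|*\?*|*\!*|*\[*|*\]*)`) would cover it. The names `.` and `..` also pass because they contain no `/`; whether that matters depends on `pkg_find()`, which is not visible here. The old test applied to every action not starting with `a`, `o` or `s`, whereas the new `case $action` names its actions explicitly, so any action not listed (extensions included, presumably by design) now gets no validation, and the `a|alternatives` arm checks only `$1`. The new comment no longer says why the characters are rejected; if the reason is unchanged I would keep one line such as `# pkg_find() globs its query; reject pattern characters so user input cannot expand.` `args()` starts and ends outside the hunk.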