diff options
| author |   Kerin Millar <kfm@plushkava.net> | 2024-08-05 00:43:44 +0100 |
|---|---|---|
| committer | Kerin Millar <kfm@plushkava.net> | 2024-08-05 00:52:51 +0100 |
| commit | f4ce893c16ede796c9a524650702e49afb5d0361 (patch) | |
| tree | 508bdaf51718e1046bbbdb8aeedbc306308a0da5 /test-functions | |
| parent | test-functions: add several shellcheck exemptions (diff) | |
| download | gentoo-functions-f4ce893c16ede796c9a524650702e49afb5d0361.tar.gz gentoo-functions-f4ce893c16ede796c9a524650702e49afb5d0361.tar.bz2 gentoo-functions-f4ce893c16ede796c9a524650702e49afb5d0361.zip | |
Add the assign() and deref() functions
These two functions are primarily intended to mitigate the appalling use
of eval in projects such as netifrc and openrc. Consider the following
code.
net/iproute2.sh:29: eval netns="\$netns_${IFVAR}"
This could instead be be written as:
deref "netns_${IFVAR}" netns
Alternatively, it could be written so as to use a command substitution:
netns=$(deref "netns_${IFVAR}")
Either method would protect against against illegal identifier names and
code injection.
Consider, also, the following code.
net/iproute2.sh:185: eval "$x=$1" ; shift ;;
This could instead be written as:
assign "$x" "$1"
As with deref, it would protect against illegal identifier names and
code injection.
Signed-off-by: Kerin Millar <kfm@plushkava.net>
Diffstat (limited to 'test-functions')
| -rwxr-xr-x | test-functions | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/test-functions b/test-functions index 8acb731..561ddc5 100755 --- a/test-functions +++ b/test-functions @@ -824,6 +824,57 @@ test_quote_args() { } } +test_assign() { + set -- \ + ge 1 N/A N/A \ + ge 1 '' N/A \ + ge 1 0 N/A \ + ge 1 valid_nameref N/A \ + ge 1 '' marmoset \ + ge 1 0 marmoset \ + ge 1 valid_nameref N/A \ + ge 1 'injection=1 #' comment \ + eq 0 valid_nameref marmoset + + callback() { + shift + test_description="assign $(quote_args "$@")" + injection= + assign "$@" 2>/dev/null || test "${injection}" + } + + iterate_tests 4 "$@" +} + +test_deref() { + set -- \ + ge 1 N/A N/A \ + ge 1 '' N/A \ + ge 1 0 N/A \ + ge 1 '' '' \ + ge 1 0 0 \ + eq 0 valid_nameref N/A \ + eq 0 valid_nameref assignee \ + ge 1 PWD 'injection=1 #' + + callback() { + shift + test_description="deref $(quote_args "$@")" + case $# in + 2) + assignee= injection= + deref "$@" \ + && { test "${assignee}" = "marmoset" || test "${injection}"; } + ;; + *) + stdout=$(deref "$@") && test "${stdout}" = "marmoset" + ;; + esac 2>/dev/null + } + + iterate_tests 4 "$@" +} + iterate_tests() { slice_width=$1 shift @@ -902,6 +953,8 @@ else test_contains_all || rc=1 test_contains_any || rc=1 test_quote_args || rc=1 + test_assign || rc=1 + test_deref || rc=1 fi cleanup_tmpdir |