2b1c36538f
There are two possibilities for protection:
1) we should protect at least from very evil shell metacharacters, like [$*], and also from [:cntrl:] (e.g. newline);
2) we can provide an exhaustive list of characters that are valid for non-evil pathnames and commands, and issue a mandatory warning if the command or path appears to be evil.

I chose the latter approach. The valid character range is 'A-Za-z0-9/@=.,:_+-'. Note that (almost) all files from our base build system are valid paths:

$ valid='A-Za-z0-9/@=.,:_+-'
$ hsh-run -- rpm -qal |grep "[^$valid]"
/usr/bin/[
/usr/share/man/man1/[.1.bz2
(contains no files)
(contains no files)
$

Later we'll see if the range of valid characters needs to be extended.
#!/bin/sh -efu
#
# Copyright (C) 2000,2003 Dmitry V. Levin <ldv@altlinux.org>
# Copyright (C) 2007 Alexey Tourbin <at@altlinux.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
. @RPMCONFIGDIR@/functions
. @RPMCONFIGDIR@/find-package
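# ShellReq FILE
#
# Print the requirements of the shell script FILE.
#
# The interpreter is chosen from file(1) output (/bin/bash for bash
# scripts, /bin/sh for everything else) and is run with --rpm-requires
# on FILE.  From that output only lines of the form sh(NAME), bash(NAME)
# or executable(NAME) are kept, reduced to NAME and de-duplicated.
# For each NAME:
#   - it is skipped when this shell reports it as an alias, keyword,
#     function or builtin;
#   - it is printed as "DIR(NAME)" when NAME is listed in a .provides.sh
#     file in FILE's directory (looked up under RPM_BUILD_ROOT first,
#     then on the running system);
#   - otherwise it is passed to FindPackage.
#
# Globals:   RPM_BUILD_ROOT (read; may be unset)
# Arguments: $1 - path of the script to analyse
# Outputs:   "DIR(NAME)" lines on stdout, plus whatever FindPackage emits
# Returns:   0 on the normal paths; failures are reported through Fatal
#            (defined outside this file, presumably terminating the run)
#
# Review note: every NAME, and the interpreter name taken from an
# "exec ..." line, is derived from the content of the file being
# packaged and must be treated as untrusted.  Within this function such
# values are only ever passed as quoted arguments or as fixed-string
# grep patterns; any character validation has to happen in FindPackage,
# which is not visible here -- confirm against find-package.
ShellReq()
{
	local f="$1"; shift

	local t sh
	t=$(file -bL "$f") || Fatal "${t:-$f: file type not available}"
	case "$t" in
		*"Bourne-Again shell script text"*)
			sh=/bin/bash ;;
		*" bash script text"*)
			sh=/bin/bash ;;
		*)
			sh=/bin/sh ;;
	esac
	# Probe the interpreter on empty input first, so a shell without the
	# feature is reported as such and not as a broken script.
	$sh --rpm-requires </dev/null >/dev/null ||
		Fatal "$sh interpreter does not support --rpm-requires feature"

	local reqs line1
	if ! reqs="$($sh --rpm-requires "$f")"; then
		# sh --rpm-requires failed, and its stderr has already been shown.
		# The last chance is that the shell is used only to re-exec
		# another interpreter, e.g.
		#	exec tclsh "$0" "$@"
		# so look at the first line that is neither blank nor a comment.
		# grep -E replaces the obsolescent egrep; "--" keeps a FILE that
		# begins with "-" from being read as an option.
		if line1=$(grep -E -m1 -v -- '^[[:space:]]*(#|$)' "$f"); then
			# Deliberate word splitting.  Pathname expansion is off only
			# because of -f on the "#!/bin/sh -efu" line; that option is
			# lost if the script is started as "sh <script>".
			set -- $line1
			if [ $# -gt 1 ] && [ "$1" = exec ]; then
				# $2 is a word taken from the analysed file: untrusted.
				Info "$f is $2 script!"
				FindPackage "$f" "$2"
				return 0
			fi
		fi
		Fatal "$f: $sh --rpm-requires failed"
	fi

	# Keep only sh(X) / bash(X) / executable(X) lines and reduce them to X.
	reqs="$(printf %s\\n "$reqs" |sed -n 's/^\(sh\|bash\|executable\)(\(.*\))$/\2/p' |LC_COLLATE=C sort -u)"

	local dname r
	# Strip the build root as a literal prefix: the inner expansion is
	# quoted so that glob characters in RPM_BUILD_ROOT are not treated
	# as a pattern.
	dname=${f#"${RPM_BUILD_ROOT-}"}
	dname=${dname%/*}
	# Deliberate word splitting of the requirement list (see the noglob
	# remark above).
	for r in $reqs; do
		# type -t answers for *this* shell, so names that collide with
		# functions sourced into this script are skipped as well.
		case "$(type -t -- "$r")" in
			alias|keyword|function|builtin)
				continue ;;
		esac
		# -F -x: the name is matched as a whole fixed-string line, never
		# as a regular expression.
		if grep -qs -Fx -- "$r" "${RPM_BUILD_ROOT-}$dname/.provides.sh"; then
			printf %s\\n "$dname($r)"
		elif grep -qs -Fx -- "$r" "$dname/.provides.sh"; then
			printf %s\\n "$dname($r)"
		else
			FindPackage "$f" "$r"
		fi
	done
}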
# Entry point: hand ShellReq and the command-line arguments to
# ArgvFileAction.  ArgvFileAction is not defined in this file (presumably
# it comes from the sourced functions file and calls ShellReq per file
# argument -- confirm there).
ArgvFileAction ShellReq "$@"