YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

helpers: Don't use eval in ynh_exec_* helpers to prevent issues with special chars

Browse source
This commit is contained in:
Alexandre Aubin 2021-10-12 15:49:46 +02:00
parent 910364f9c4
commit a3c0ca4da6
2 changed files with 152 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

85
data/helpers.d/logging
View file

@ -83,72 +83,107 @@ ynh_print_err () {
# Execute a command and print the result as an error
#
# usage: ynh_exec_err "your_command [ | other_command ]"
# usage: ynh_exec_err your command and args
# | arg: command - command to execute
#
# When using pipes, double quotes are required - otherwise, this helper will run the first command, and the whole output will be sent through the next pipe.
#
# If the command to execute uses double quotes, they have to be escaped or they will be interpreted and removed.
# Note that you should NOT quote the command but only prefix it with ynh_exec_err
#
# Requires YunoHost version 3.2.0 or higher.
ynh_exec_err () {
ynh_print_err "$(eval $@)"
# Boring legacy handling for when people calls ynh_exec_* wrapping the command in quotes,
# (because in the past eval was used) ...
# we detect this by checking that there's no 2nd arg, and $1 contains a space
if [[ "$#" -eq 1 ]] && [[ "$1" == *" "* ]]
then
ynh_print_err "$(eval $@)"
else
# Note that "$@" is used and not $@, c.f. https://unix.stackexchange.com/a/129077
ynh_print_err "$("$@")"
fi
}
# Execute a command and print the result as a warning
#
# usage: ynh_exec_warn "your_command [ | other_command ]"
# usage: ynh_exec_warn your command and args
# | arg: command - command to execute
#
# When using pipes, double quotes are required - otherwise, this helper will run the first command, and the whole output will be sent through the next pipe.
#
# If the command to execute uses double quotes, they have to be escaped or they will be interpreted and removed.
# Note that you should NOT quote the command but only prefix it with ynh_exec_warn
#
# Requires YunoHost version 3.2.0 or higher.
ynh_exec_warn () {
ynh_print_warn "$(eval $@)"
# Boring legacy handling for when people calls ynh_exec_* wrapping the command in quotes,
# (because in the past eval was used) ...
# we detect this by checking that there's no 2nd arg, and $1 contains a space
if [[ "$#" -eq 1 ]] && [[ "$1" == *" "* ]]
then
ynh_print_warn "$(eval $@)"
else
# Note that "$@" is used and not $@, c.f. https://unix.stackexchange.com/a/129077
ynh_print_warn "$("$@")"
fi
}
# Execute a command and force the result to be printed on stdout
#
# usage: ynh_exec_warn_less "your_command [ | other_command ]"
# usage: ynh_exec_warn_less your command and args
# | arg: command - command to execute
#
# When using pipes, double quotes are required - otherwise, this helper will run the first command, and the whole output will be sent through the next pipe.
#
# If the command to execute uses double quotes, they have to be escaped or they will be interpreted and removed.
# Note that you should NOT quote the command but only prefix it with ynh_exec_warn
#
# Requires YunoHost version 3.2.0 or higher.
ynh_exec_warn_less () {
eval $@ 2>&1
# Boring legacy handling for when people calls ynh_exec_* wrapping the command in quotes,
# (because in the past eval was used) ...
# we detect this by checking that there's no 2nd arg, and $1 contains a space
if [[ "$#" -eq 1 ]] && [[ "$1" == *" "* ]]
then
eval $@ 2>&1
else
# Note that "$@" is used and not $@, c.f. https://unix.stackexchange.com/a/129077
"$@" 2>&1
fi
}
# Execute a command and redirect stdout in /dev/null
#
# usage: ynh_exec_quiet "your_command [ | other_command ]"
# usage: ynh_exec_quiet your command and args
# | arg: command - command to execute
#
# When using pipes, double quotes are required - otherwise, this helper will run the first command, and the whole output will be sent through the next pipe.
#
# If the command to execute uses double quotes, they have to be escaped or they will be interpreted and removed.
# Note that you should NOT quote the command but only prefix it with ynh_exec_warn
#
# Requires YunoHost version 3.2.0 or higher.
ynh_exec_quiet () {
eval $@ > /dev/null
# Boring legacy handling for when people calls ynh_exec_* wrapping the command in quotes,
# (because in the past eval was used) ...
# we detect this by checking that there's no 2nd arg, and $1 contains a space
if [[ "$#" -eq 1 ]] && [[ "$1" == *" "* ]]
then
eval $@ > /dev/null
else
# Note that "$@" is used and not $@, c.f. https://unix.stackexchange.com/a/129077
"$@" > /dev/null
fi
}
# Execute a command and redirect stdout and stderr in /dev/null
#
# usage: ynh_exec_fully_quiet "your_command [ | other_command ]"
# usage: ynh_exec_quiet your command and args
# | arg: command - command to execute
#
# When using pipes, double quotes are required - otherwise, this helper will run the first command, and the whole output will be sent through the next pipe.
#
# If the command to execute uses double quotes, they have to be escaped or they will be interpreted and removed.
# Note that you should NOT quote the command but only prefix it with ynh_exec_quiet
#
# Requires YunoHost version 3.2.0 or higher.
ynh_exec_fully_quiet () {
eval $@ > /dev/null 2>&1
# Boring legacy handling for when people calls ynh_exec_* wrapping the command in quotes,
# (because in the past eval was used) ...
# we detect this by checking that there's no 2nd arg, and $1 contains a space
if [[ "$#" -eq 1 ]] && [[ "$1" == *" "* ]]
then
eval $@ > /dev/null 2>&1
else
# Note that "$@" is used and not $@, c.f. https://unix.stackexchange.com/a/129077
"$@" > /dev/null 2>&1
fi
}
# Remove any logs for all the following commands.

92
tests/test_helpers.d/ynhtest_logging.sh Normal file
View file

@ -0,0 +1,92 @@
ynhtest_exec_warn_less() {
FOO='foo'
bar=""
BAR='$bar'
FOOBAR="foo bar"
# These looks like stupid edge case
# but in fact happens when dealing with passwords
# (which could also contain bash chars like [], {}, ...)
# or urls containing &, ...
FOOANDBAR="foo&bar"
FOO1QUOTEBAR="foo'bar"
FOO2QUOTEBAR="foo\"bar"
ynh_exec_warn_less uptime
test ! -e $FOO
ynh_exec_warn_less touch $FOO
test -e $FOO
rm $FOO
test ! -e $FOO1QUOTEBAR
ynh_exec_warn_less touch $FOO1QUOTEBAR
test -e $FOO1QUOTEBAR
rm $FOO1QUOTEBAR
test ! -e $FOO2QUOTEBAR
ynh_exec_warn_less touch $FOO2QUOTEBAR
test -e $FOO2QUOTEBAR
rm $FOO2QUOTEBAR
test ! -e $BAR
ynh_exec_warn_less touch $BAR
test -e $BAR
rm $BAR
test ! -e "$FOOBAR"
ynh_exec_warn_less touch "$FOOBAR"
test -e "$FOOBAR"
rm "$FOOBAR"
test ! -e "$FOOANDBAR"
ynh_exec_warn_less touch $FOOANDBAR
test -e "$FOOANDBAR"
rm "$FOOANDBAR"
###########################
# Legacy stuff using eval #
###########################
test ! -e $FOO
ynh_exec_warn_less "touch $FOO"
test -e $FOO
rm $FOO
test ! -e $FOO1QUOTEBAR
ynh_exec_warn_less "touch \"$FOO1QUOTEBAR\""
# (this works but expliciy *double* quotes have to be provided)
test -e $FOO1QUOTEBAR
rm $FOO1QUOTEBAR
#test ! -e $FOO2QUOTEBAR
#ynh_exec_warn_less "touch \'$FOO2QUOTEBAR\'"
## (this doesn't work with simple or double quotes)
#test -e $FOO2QUOTEBAR
#rm $FOO2QUOTEBAR
test ! -e $BAR
ynh_exec_warn_less 'touch $BAR'
# That one works because $BAR is only interpreted during eval
test -e $BAR
rm $BAR
#test ! -e $BAR
#ynh_exec_warn_less "touch $BAR"
# That one doesn't work because $bar gets interpreted as empty var by eval...
#test -e $BAR
#rm $BAR
test ! -e "$FOOBAR"
ynh_exec_warn_less "touch \"$FOOBAR\""
# (works but requires explicit double quotes otherwise eval would interpret 'foo bar' as two separate args..)
test -e "$FOOBAR"
rm "$FOOBAR"
test ! -e "$FOOANDBAR"
ynh_exec_warn_less "touch \"$FOOANDBAR\""
# (works but requires explicit double quotes otherwise eval would interpret '&' as a "run command in background" and also bar is not a valid command)
test -e "$FOOANDBAR"
rm "$FOOANDBAR"
}