From 3930f69456fd5a0d108a107e4ee61d87c9a73a56 Mon Sep 17 00:00:00 2001
From: Matthias Stecher
Date: Sun, 6 Dec 2020 16:45:58 +0100
Subject: [PATCH 1/2] __block: fix escaping in here-doc
This changes the here-document to do not interpret any shell-things. It also single-quotes some more strings that are printed to code-remote. Fixes #838
---
 cdist/conf/type/__block/gencode-remote | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/cdist/conf/type/__block/gencode-remote b/cdist/conf/type/__block/gencode-remote
index 1f5cc033..acdb3286 100755
--- a/cdist/conf/type/__block/gencode-remote
+++ b/cdist/conf/type/__block/gencode-remote
@@ -46,10 +46,10 @@ fi
 remove_block() {
 cat << DONE
-tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
+tmpfile=\$(mktemp '${file}.cdist.XXXXXXXXXX')
 # preserve ownership and permissions of existing file
-if [ -f "$file" ]; then
- cp -p "$file" "\$tmpfile"
+if [ -f '$file' ]; then
+ cp -p '$file' "\$tmpfile"
 fi
 awk -v prefix=^$(quote "$prefix")\$ -v suffix=^$(quote "$suffix")\$ '
 {
@@ -63,8 +63,8 @@ awk -v prefix=^$(quote "$prefix")\$ -v suffix=^$(quote "$suffix")\$ '
 } else {
 print
 }
-}' "$file" > "\$tmpfile"
-mv -f "\$tmpfile" "$file"
+}' '$file' > "\$tmpfile"
+mv -f "\$tmpfile" '$file'
 DONE
 }
@@ -77,7 +77,7 @@ case "$state_should" in
 echo add >> "$__messages_out"
 fi
 cat << DONE
-cat >> "$file" << ${__type##*/}_DONE
+cat >> '$file' << '${__type##*/}_DONE'
 $(cat "$block")
 ${__type##*/}_DONE
 DONE
From c5ca4cd2e13516dfb55371c1600e32297c3343e9 Mon Sep 17 00:00:00 2001
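Review bot: In the last hunk of PATCH 1/2, quoting the delimiter stops expansion on the target, but the body `$(cat "$block")` is still pasted between fixed `${__type##*/}_DONE` markers, so a block line equal to that marker closes the here-document early and the lines after it are parsed as commands in code-remote instead of being appended to the file. gencode-remote could refuse such input before printing anything, for example `grep -qxF -- "${__type##*/}_DONE" "$block" && { echo "block contains the here-doc delimiter" >&2; exit 1; }`. The last hunk of PATCH 2/2 rewrites the same `cat >>` line and keeps the fixed delimiter, so the point applies there as well. The `present)` arm starts and ends outside the hunk.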
From: Matthias Stecher
Date: Mon, 7 Dec 2020 19:59:05 +0100
Subject: [PATCH 2/2] __block: securly quote via the quote function
Because the function already exists, it will be used for the file to be changed, too. Therefor, no quotes are required for that value. The prefix and suffix match was also improved: There is no regex check any more (the regex did checked the whole line); instead it will do it simple.
---
 cdist/conf/type/__block/gencode-remote | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/cdist/conf/type/__block/gencode-remote b/cdist/conf/type/__block/gencode-remote
index acdb3286..7a1f4064 100755
--- a/cdist/conf/type/__block/gencode-remote
+++ b/cdist/conf/type/__block/gencode-remote
@@ -46,28 +46,29 @@ fi
 remove_block() {
 cat << DONE
-tmpfile=\$(mktemp '${file}.cdist.XXXXXXXXXX')
+tmpfile=\$(mktemp ${quoted_file}.cdist.XXXXXXXXXX)
 # preserve ownership and permissions of existing file
-if [ -f '$file' ]; then
- cp -p '$file' "\$tmpfile"
+if [ -f $quoted_file ]; then
+ cp -p $quoted_file "\$tmpfile"
 fi
-awk -v prefix=^$(quote "$prefix")\$ -v suffix=^$(quote "$suffix")\$ '
+awk -v prefix=$(quote "$prefix") -v suffix=$(quote "$suffix") '
 {
- if (match(\$0,prefix)) {
+ if (\$0 == prefix) {
 triggered=1
 }
 if (triggered) {
- if (match(\$0,suffix)) {
+ if (\$0 == suffix) {
 triggered=0
 }
 } else {
 print
 }
-}' '$file' > "\$tmpfile"
-mv -f "\$tmpfile" '$file'
+}' $quoted_file > "\$tmpfile"
+mv -f "\$tmpfile" $quoted_file
 DONE
 }
+quoted_file="$(quote "$file")"
 case "$state_should" in
 present)
 if [ "$state_is" = "changed" ]; then
@@ -77,7 +78,7 @@ case "$state_should" in
 echo add >> "$__messages_out"
 fi
 cat << DONE
-cat >> '$file' << '${__type##*/}_DONE'
+cat >> $quoted_file << '${__type##*/}_DONE'
 $(cat "$block")
 ${__type##*/}_DONE
 DONE
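Review bot: On the new `awk -v prefix=… -v suffix=…` line in the first hunk, awk applies string-literal escape processing to `-v` values, so a prefix or suffix containing a backslash reaches the program altered and the new `\$0 == prefix` comparison would not match that marker line. In that case remove_block would presumably leave the old block in the file while the `present)` arm appends a second copy. Passing the values through the environment avoids the escape processing: `prefix=$(quote "$prefix") suffix=$(quote "$suffix") awk '` with `if (\$0 == ENVIRON["prefix"])` and `if (\$0 == ENVIRON["suffix"])`. This assumes `quote`, which is defined outside the hunk, emits a single shell-quoted word.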