[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Arbitrary command execution from test on a quoted string
From: |
felix |
Subject: |
Re: Arbitrary command execution from test on a quoted string |
Date: |
Sun, 31 Oct 2021 09:05:22 +0100 |
Unfortunely, this won't be useable with associative array, like:
declare -A AssocVar='([Some string.]=foo)'
test -v AssocVar['Some string.'] && echo yes || echo no
yes
isvar AssocVar['Some string.'] && echo yes || echo no
no
But Lea's solution seem work:
test "${AssocVar['Some string.']@Q}" && echo yes || echo no
yes
Even with empty variables:
declare -A AssocVar='([Some string.]=)'
test "${AssocVar['Some string.']@Q}" && echo yes || echo no
yes
test "${AssocVar['Some other string?']@Q}" && echo yes || echo no
no
Le Fri, Oct 29, 2021 at 07:54:17AM -0400, Greg Wooledge a écrit :
> On Fri, Oct 29, 2021 at 07:37:13AM +0200, Léa Gris wrote:
> > A safe way to replace:
> > test -v "$USER_INPUT"
> >
> > Would be:
> > test "${USER_INPUT@Q}"
> >
> > But it is not backward-compatible with older bash versions.
>
> test -v is fairly recent as well. That was introduced in 4.2, and the @Q
> syntax in 4.4.
>
> I would suggest a three-step validation:
>
> isvar() {
> [[ $1 = LC_ALL ]] && { test -v "$1"; return; }
>
> local LC_ALL=C
> [[ $1 = [a-zA-Z_]*([a-zA-Z0-9_]) ]] || return 1
>
> test -v "$1"
> }
--
Félix Hauri - <felix@f-hauri.ch> - http://www.f-hauri.ch
Re: Arbitrary command execution from test on a quoted string, Ilkka Virta, 2021/10/29
- Re: Arbitrary command execution from test on a quoted string, Greg Wooledge, 2021/10/29
- Re: Arbitrary command execution in shell - by design!, L A Walsh, 2021/10/29
- Re: Arbitrary command execution in shell - by design!, Greg Wooledge, 2021/10/29
- Re: Arbitrary command execution in shell - by design!, Léa Gris, 2021/10/29
- Re: Arbitrary command execution in shell - by design!, L A Walsh, 2021/10/30
- Re: Arbitrary command execution in shell - by design!, Léa Gris, 2021/10/30
- Re: Arbitrary command execution in shell - by design!, Ángel, 2021/10/30
Re: Arbitrary command execution in shell - by design!, Robert Elz, 2021/10/29