deblan-mirror/stream-sprout
1
0
Fork 0
mirror of https://github.com/wimpysworld/stream-sprout synced 2026-03-14 14:45:50 +01:00
Code Issues Projects Releases Packages Wiki Activity

fix: avoid injection of substitution commands when parsing yaml

Browse source
This commit is contained in:
Martin Wimpress 2024-07-25 01:33:59 +01:00 committed by Martin Wimpress
commit cd6a8185c6
1 changed files with 1 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
stream-sprout
View file

@ -46,6 +46,7 @@ function parse_yaml() {
w='[a-zA-Z0-9_]*'
fs=$'\034'
sed -ne "s|^\(${s}\):|\1|" \
-e 's|`||g;s|\$||g;' \
-e "s|^\(${s}\)\(${w}\)${s}:${s}[\"']\(.*\)[\"']$s\$|\1${fs}\2${fs}\3|p" \
-e "s|^\(${s}\)\(${w}\)${s}:${s}\(.*\)${s}\$|\1${fs}\2${fs}\3|p" "${1}" |
awk -F"${fs}" '{