summaryrefslogtreecommitdiffstats
path: root/kubernetes/common/cassandra
diff options
context:
space:
mode:
authorGuillaume Lambert <guillaume.lambert@orange.com>2021-03-10 16:09:31 +0100
committerKrzysztof Opasiak <k.opasiak@samsung.com>2021-05-26 06:55:45 +0000
commitf3454863133c2979f5091e6881cde3a496b2e12d (patch)
tree65b5d180b3947f9e9b2d0dbae3e683f16939c790 /kubernetes/common/cassandra
parent9970854c6fec9e99bf8c5fd88d2183041a8c9fb7 (diff)
[COMMON] Fix ${!name} bashisms
pointed out by checkbashisms. Note this kind of indirections can only be replaced directly in POSIX by commands using eval. Security risks must be evaluated for each context where eval is called. For a safe use, the context must ensure that only a limited number of possible constrainted values are passed to eval. https://mywiki.wooledge.org/Bashism#Parameter_Expansions https://mywiki.wooledge.org/BashFAQ/006#Indirection Issue-ID: OOM-264 Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com> Change-Id: Id27f3ffd1ddb092a9c038d3a45d9e3278720eb62
Diffstat (limited to 'kubernetes/common/cassandra')
-rw-r--r--kubernetes/common/cassandra/resources/config/docker-entrypoint.sh7
1 files changed, 5 insertions, 2 deletions
diff --git a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
index 5b652228a6..ff1908c1bb 100644
--- a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
+++ b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
@@ -1,4 +1,5 @@
#!/bin/bash
+
set -e
# first arg is `-f` or `--some-option`
@@ -71,7 +72,8 @@ if [ "$1" = 'cassandra' ]; then
authenticator \
; do
var="CASSANDRA_${yaml^^}"
- val="${!var}"
+ # eval presents no security issue here because of limited possible values of var
+ eval val=\$$var
if [ "$val" ]; then
_sed-in-place "$CASSANDRA_CONFIG/cassandra.yaml" \
-r 's/^(# )?('"$yaml"':).*/\2 '"$val"'/'
@@ -80,7 +82,8 @@ if [ "$1" = 'cassandra' ]; then
for rackdc in dc rack; do
var="CASSANDRA_${rackdc^^}"
- val="${!var}"
+ # eval presents no security issue here because of limited possible values of var
+ eval val=\$$var
if [ "$val" ]; then
_sed-in-place "$CASSANDRA_CONFIG/cassandra-rackdc.properties" \
-r 's/^('"$rackdc"'=).*/\1 '"$val"'/'