diff options
| author |   Guillaume Lambert <guillaume.lambert@orange.com> | 2021-03-10 16:09:31 +0100 |
|---|---|---|
| committer |   Krzysztof Opasiak <k.opasiak@samsung.com> | 2021-05-26 06:55:45 +0000 |
| commit | f3454863133c2979f5091e6881cde3a496b2e12d (patch) | |
| tree | 65b5d180b3947f9e9b2d0dbae3e683f16939c790 /kubernetes/common/cassandra | |
| parent | 9970854c6fec9e99bf8c5fd88d2183041a8c9fb7 (diff) | |
[COMMON] Fix ${!name} bashisms
pointed out by checkbashisms.
Note this kind of indirections can only be replaced directly in POSIX
by commands using eval.
Security risks must be evaluated for each context where eval is called.
For a safe use, the context must ensure that only a limited number of
possible constrainted values are passed to eval.
https://mywiki.wooledge.org/Bashism#Parameter_Expansions
https://mywiki.wooledge.org/BashFAQ/006#Indirection
Issue-ID: OOM-264
Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com>
Change-Id: Id27f3ffd1ddb092a9c038d3a45d9e3278720eb62
Diffstat (limited to 'kubernetes/common/cassandra')
| -rw-r--r-- | kubernetes/common/cassandra/resources/config/docker-entrypoint.sh | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh index 5b652228a6..ff1908c1bb 100644 --- a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh +++ b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh @@ -1,4 +1,5 @@ #!/bin/bash + set -e # first arg is `-f` or `--some-option` @@ -71,7 +72,8 @@ if [ "$1" = 'cassandra' ]; then authenticator \ ; do var="CASSANDRA_${yaml^^}" - val="${!var}" + # eval presents no security issue here because of limited possible values of var + eval val=\$$var if [ "$val" ]; then _sed-in-place "$CASSANDRA_CONFIG/cassandra.yaml" \ -r 's/^(# )?('"$yaml"':).*/\2 '"$val"'/' @@ -80,7 +82,8 @@ if [ "$1" = 'cassandra' ]; then for rackdc in dc rack; do var="CASSANDRA_${rackdc^^}" - val="${!var}" + # eval presents no security issue here because of limited possible values of var + eval val=\$$var if [ "$val" ]; then _sed-in-place "$CASSANDRA_CONFIG/cassandra-rackdc.properties" \ -r 's/^('"$rackdc"'=).*/\1 '"$val"'/' |