From f3454863133c2979f5091e6881cde3a496b2e12d Mon Sep 17 00:00:00 2001
From: Guillaume Lambert <guillaume.lambert@orange.com>
Date: Wed, 10 Mar 2021 16:09:31 +0100
Subject: [COMMON] Fix ${!name} bashisms

pointed out by checkbashisms.

Note this kind of indirections can only be replaced directly in POSIX
by commands using eval.
Security risks must be evaluated for each context where eval is called.
For a safe use, the context must ensure that only a limited number of
possible constrainted values are passed to eval.

https://mywiki.wooledge.org/Bashism#Parameter_Expansions
https://mywiki.wooledge.org/BashFAQ/006#Indirection

Issue-ID: OOM-264
Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com>
Change-Id: Id27f3ffd1ddb092a9c038d3a45d9e3278720eb62
---
 kubernetes/common/cassandra/resources/config/docker-entrypoint.sh | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'kubernetes/common/cassandra')

diff --git a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
index 5b652228a6..ff1908c1bb 100644
--- a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
+++ b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+
 set -e
 
 # first arg is `-f` or `--some-option`
@@ -71,7 +72,8 @@ if [ "$1" = 'cassandra' ]; then
                 authenticator \
         ; do
                 var="CASSANDRA_${yaml^^}"
-                val="${!var}"
+                # eval presents no security issue here because of limited possible values of var
+                eval val=\$$var
                 if [ "$val" ]; then
                         _sed-in-place "$CASSANDRA_CONFIG/cassandra.yaml" \
                                 -r 's/^(# )?('"$yaml"':).*/\2 '"$val"'/'
@@ -80,7 +82,8 @@ if [ "$1" = 'cassandra' ]; then
 
         for rackdc in dc rack; do
                 var="CASSANDRA_${rackdc^^}"
-                val="${!var}"
+                # eval presents no security issue here because of limited possible values of var
+                eval val=\$$var
                 if [ "$val" ]; then
                         _sed-in-place "$CASSANDRA_CONFIG/cassandra-rackdc.properties" \
                                 -r 's/^('"$rackdc"'=).*/\1 '"$val"'/'
-- 
cgit 1.2.3-korg