Making a bit more safe and disabling an eval by default

Tyler Akins 2017-11-03 16:45:51 -05:00
parent a5ec7dd740
commit f20e4ae83a
No known key found for this signature in database
GPG Key ID: 8F3B8C432F4393BD
2 changed files with 24 additions and 2 deletions


@ -115,6 +115,8 @@ The result? You get a list of the five elements in the array. It is vital that
There are more scripts available in the [demos directory](demo/) that could help illustrate how you would use this program. There are more scripts available in the [demos directory](demo/) that could help illustrate how you would use this program.
There are additional features that the program supports. Try using `mo --help` to see what is available.
Concessions Concessions
----------- -----------
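Review bot: the sentence added before "Concessions" only points readers at `mo --help`, so the README never mentions the behaviour change this commit makes. Templates that pass extra arguments to functions now need `--allow-function-arguments` or `MO_ALLOW_FUNCTION_ARGUMENTS`. Add a short README note naming the option, that it is off by default, and that enabling it places template text into an `eval`, so people rendering templates they did not write know to leave it off.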

24
mo
View File

@ -29,6 +29,10 @@
# Public: Template parser function. Writes templates to stdout. # Public: Template parser function. Writes templates to stdout.
# #
# $0 - Name of the mo file, used for getting the help message. # $0 - Name of the mo file, used for getting the help message.
# --allow-function-arguments
# - Permit functions in templates to be called with additional
# arguments. This puts template data directly in to the path
# of an eval statement. Use with caution.
# --fail-not-set - Fail upon expansion of an unset variable. Default behavior # --fail-not-set - Fail upon expansion of an unset variable. Default behavior
# is to silently ignore and expand into empty string. # is to silently ignore and expand into empty string.
# --false - Treat "false" as an empty value. You may set the # --false - Treat "false" as an empty value. You may set the
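Review bot: the `--allow-function-arguments` description covers what enabling the flag does but not the default. State that without it the function is called with no additional arguments from the template, since that is the case most users will hit. Two wording points: "in to" should be "into", and "Use with caution" here is weaker than "Use with extreme care" in the environment variable section; pick one phrasing for both.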
@ -43,6 +47,12 @@
# #
# Mo uses the following environment variables: # Mo uses the following environment variables:
# #
# MO_ALLOW_FUNCTION_ARGUMENTS
# - When set to a non-empty value, this allows functions
# referenced in templates to receive additional
# options and arguments. This puts the content from the
# template directly into an eval statement. Use with
# extreme care.
# MO_FAIL_ON_UNSET - When set to a non-empty value, expansion of an unset # MO_FAIL_ON_UNSET - When set to a non-empty value, expansion of an unset
# env variable will be aborted with an error. # env variable will be aborted with an error.
# MO_FALSE_IS_EMPTY - When set to a non-empty value, the string "false" # MO_FALSE_IS_EMPTY - When set to a non-empty value, the string "false"
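Review bot: "When set to a non-empty value" for `MO_ALLOW_FUNCTION_ARGUMENTS` means `MO_ALLOW_FUNCTION_ARGUMENTS=false` or `=0` inherited from the caller's environment also turns the eval path on, because the check in `moCallFunction` is `[[ -n "$MO_ALLOW_FUNCTION_ARGUMENTS" ]]`. That matches the other `MO_*` switches, but this one gates an `eval` of template content, so either say explicitly in this comment that any non-empty value, including "false", enables it, or compare against a specific value such as `true`.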
@ -74,6 +84,11 @@ mo() (
exit 0 exit 0
;; ;;
--allow-function-arguments)
# shellcheck disable=SC2030
MO_ALLOW_FUNCTION_ARGUMENTS=true
;;
--fail-not-set) --fail-not-set)
# shellcheck disable=SC2030 # shellcheck disable=SC2030
MO_FAIL_ON_UNSET=true MO_FAIL_ON_UNSET=true
@ -128,8 +143,13 @@ mo() (
moCallFunction() { moCallFunction() {
local moCommand local moCommand
printf -v moCommand "%q %q %s" "$1" "$2" "$3" # shellcheck disable=SC2031
eval "$moCommand" if [[ -n "$MO_ALLOW_FUNCTION_ARGUMENTS" ]]; then
printf -v moCommand "%q %q %s" "$1" "$2" "$3"
eval "$moCommand"
else
"$1" "$2"
fi
} }
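Review bot: in the `else` branch of `moCallFunction`, `"$1" "$2"` drops `"$3"` without any signal, so a template that passes arguments to a function renders differently after this change and nothing tells the user why. Consider writing a message to stderr when `"$3"` is non-empty and `MO_ALLOW_FUNCTION_ARGUMENTS` is unset. In the enabled branch `"$3"` still goes through `%s` unquoted into `eval "$moCommand"`; a comment next to the `printf` saying this is intentional and is the reason for the opt-in would help the next reader. The commit touches two files, the README and `mo`, so neither branch has a test; one case for each would pin the new default.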