exec command, and remote execution improvements!
@@ -6,6 +6,7 @@
|
||||
#include <string>
|
||||
#include <cstdlib>
|
||||
#include <sstream>
|
||||
#include <cctype>
|
||||
#include <libassert/assert.hpp>
|
||||
|
||||
#include "execute.hpp"
|
||||
@@ -203,6 +204,28 @@ namespace dropshell
|
||||
return commandstr;
|
||||
}
|
||||
|
||||
// ----------------------------------------------------------------------------------------------------------
|
||||
// sanitize_env_var_name - Basic sanity check for environment variable names
|
||||
// ----------------------------------------------------------------------------------------------------------
|
||||
static bool is_valid_env_var_name(const std::string &name)
|
||||
{
|
||||
if (name.empty())
|
||||
return false;
|
||||
|
||||
// Must start with letter or underscore
|
||||
if (!std::isalpha(name[0]) && name[0] != '_')
|
||||
return false;
|
||||
|
||||
// Rest must be alphanumeric or underscore
|
||||
for (char c : name)
|
||||
{
|
||||
if (!std::isalnum(c) && c != '_')
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
// ----------------------------------------------------------------------------------------------------------
|
||||
// construct_cmd
|
||||
// ----------------------------------------------------------------------------------------------------------
|
||||
@@ -220,8 +243,29 @@ namespace dropshell
|
||||
cmdstr += "cd " + quote(mDir) + " && ";
|
||||
|
||||
if (!mVars.empty())
|
||||
{
|
||||
// Export variables so they're available for expansion in the command
|
||||
for (const auto &env_var : mVars)
|
||||
cmdstr += env_var.first + "=" + quote(dequote(trim(env_var.second))) + " ";
|
||||
{
|
||||
// Basic sanity check - skip invalid variable names
|
||||
if (!is_valid_env_var_name(env_var.first))
|
||||
{
|
||||
error << "Skipping invalid environment variable name: " << env_var.first << std::endl;
|
||||
continue;
|
||||
}
|
||||
|
||||
// Very basic check for completely broken values that could break the command
|
||||
// We still use quote() for proper escaping, but warn about suspicious values
|
||||
const std::string &value = env_var.second;
|
||||
if (value.find('\0') != std::string::npos)
|
||||
{
|
||||
error << "Skipping environment variable with null byte: " << env_var.first << std::endl;
|
||||
continue;
|
||||
}
|
||||
|
||||
cmdstr += "export " + env_var.first + "=" + quote(dequote(trim(value))) + " && ";
|
||||
}
|
||||
}
|
||||
|
||||
cmdstr += mCmd;
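Review bot: `is_valid_env_var_name` passes a plain `char` to `std::isalpha` and `std::isalnum`, which is undefined behaviour for bytes with a negative value and, if the process has selected a non-C locale, may accept non-ASCII bytes as letters. The name is concatenated unquoted into `"export " + env_var.first + "="` in the last hunk, so this check is the only barrier between a variable name and the shell and should be strict ASCII: at minimum `if (!std::isalnum(static_cast<unsigned char>(c)) && c != '_')` with the same cast on `name[0]`, or explicit `'a'..'z'`, `'A'..'Z'`, `'0'..'9'` range tests. The banner comment above the function still calls it `sanitize_env_var_name` and should read `is_valid_env_var_name`. The loop also skips a rejected variable with `continue` and still appends `mCmd`, so a command that depends on that variable would run with it unset; whether the function should fail instead depends on its callers and return path, which are outside the visible hunks.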
|
||||
|
||||
|