sad/firehol
1
0
Fork 0
mirror of https://github.com/firehol/firehol.git synced 2024-06-28 18:02:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix possible quoting problem and introduce test

Browse Source
This commit is contained in:
Phil Whineray 2015-10-25 08:04:44 +00:00
parent c76f7626a2
commit ab2259f49b
2 changed files with 29 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
packaging/pre-commit
View File

@ -46,9 +46,12 @@ then
exit 1
fi
status=0
# Files we will check in their entirety
git show :ChangeLog > /tmp/staged-ChangeLog.$$
git show :NEWS > /tmp/staged-NEWS.$$
git show :sbin/firehol.in > /tmp/staged-sbin-firehol.in$$
status=0
clogver=`sed -ne '1s/.*(\(.*\)).*/\1/p' /tmp/staged-ChangeLog.$$`
newsver=`head -n 10 /tmp/staged-NEWS.$$ | sed -ne 's/.*\<\([1-9][0-9]*\.[0-9][0-9]*[0-9A-Za-z.-]*\).*/\1/p' | head -n 1`
@ -74,6 +77,29 @@ then
status=1
fi
# Find commands that have been enclosed in quotes and remove anything after
# if nothing matched the substitution, proceed to the next line
# if the command is used in a -z check, proceed to the next line
# if the command is in posix size check [ "$var" ], proceed to the next line
# if the command is being assigned to a variable, proceed to the next line
# if the command is being used in an eval, proceed to the next line
# Anything left, print the line number
sed -n -e 's/\("\$[^"}]*_CMD}\).*/\1/' \
-e T \
-e '/-z *"\$/b' \
-e '/\[ *"\$/b' \
-e '/= *"\$/b' \
-e '/eval *"\$/b' \
-e '{=}' \
/tmp/staged-sbin-firehol.in$$ > /tmp/staged-sbin-firehol.problem-lines.$$
if [ -s /tmp/staged-sbin-firehol.problem-lines.$$ ]
then
status=1
echo 'Detected use(s) of "${SOMETHING_CMD}" in firehol.in. Check lines:'
cat /tmp/staged-sbin-firehol.problem-lines.$$
fi
rm -f /tmp/staged-*.$$
if [ $status -ne 0 ]

4
sbin/firehol.in
View File

@ -1068,7 +1068,7 @@ FIREHOL_HAVE_IPRANGE=1
IPRANGE_WARNING=0
if [ ! -z "${IPRANGE_CMD}" ]
then
"${IPRANGE_CMD}" --has-reduce 2>/dev/null || IPRANGE_CMD=
${IPRANGE_CMD} --has-reduce 2>/dev/null || IPRANGE_CMD=
fi
if [ -z "${IPRANGE_CMD}" ]
@ -5156,7 +5156,7 @@ ipset_file_to_restore_filter() {
local opts=
[ "${hash}" = "hash:net" -o "${hash}" = "nethash" ] && opts="--ipset-reduce 20 --ipset-reduce-entries 65536"
[ "${hash}" = "hash:ip" -o "${hash}" = "iphash" ] && opts="-1"
"${IPRANGE_CMD}" ${opts} \
${IPRANGE_CMD} ${opts} \
--print-prefix "${IPSET_ADD_OPTION} ${name} " \
--print-suffix " ${*}"
else