From 663a4e8920776aed1b0d1a6c41a16e450408be7d Mon Sep 17 00:00:00 2001
From: Arsen Musayelyan
Date: Wed, 5 May 2021 14:00:44 -0700
Subject: [PATCH 1/3] Sanitize shell input
---
 go.mod | 1 +
 go.sum | 2 ++
 main.go | 3 ++-
 3 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/go.mod b/go.mod
index 00d235b..9a83fb2 100644
--- a/go.mod
+++ b/go.mod
@@ -3,6 +3,7 @@ module pak
 go 1.15
 require (
+ github.com/alessio/shellescape v1.4.1
 github.com/pelletier/go-toml v1.8.2-0.20201124181426-2e01f733df54
 github.com/rs/zerolog v1.20.0
 github.com/spf13/pflag v1.0.5
diff --git a/go.sum b/go.sum
index 28dd079..37b7ab2 100644
--- a/go.sum
+++ b/go.sum
@@ -1,3 +1,5 @@
+github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0=
+github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30=
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
diff --git a/main.go b/main.go
index 53cff00..499cc3e 100644
--- a/main.go
+++ b/main.go
@@ -20,6 +20,7 @@ package main
 import (
 "fmt"
+ "github.com/alessio/shellescape"
 "github.com/rs/zerolog"
 "github.com/rs/zerolog/log"
 flag "github.com/spf13/pflag"
@@ -155,7 +156,7 @@ func main() {
 cmdArr = append(cmdArr, strings.Join(args[1:], " "))
 }
 // Create space separated string from cmdArr
- cmdStr := strings.Join(cmdArr, " ")
+ cmdStr := shellescape.QuoteCommand(cmdArr)
 // Instantiate exec.Command object with command sh, flag -c, and cmdStr
 command := exec.Command("sh", "-c", cmdStr)
 // Set standard outputs for command
From 8480882b32de47e3d44baa0d73c18de19b60ecd6 Mon Sep 17 00:00:00 2001
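Review bot: In patch 1/3, `shellescape.QuoteCommand(cmdArr)` in main.go quotes every element of `cmdArr` as a single shell word, while the context line above still appends `strings.Join(args[1:], " ")` as one element, so several user arguments would reach the package manager as one quoted argument. Appending them individually, `cmdArr = append(cmdArr, args[1:]...)`, keeps one word per argument before quoting. Elements built outside the hunk that hold more than one word on purpose would be collapsed the same way, which cannot be confirmed from these lines. The kept comment `// Create space separated string from cmdArr` should be reworded to mention the quoting.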
From: Arsen Musayelyan
Date: Wed, 5 May 2021 14:06:18 -0700
Subject: [PATCH 2/3] Only sanitize user input
---
 main.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/main.go b/main.go
index 499cc3e..5d76112 100644
--- a/main.go
+++ b/main.go
@@ -153,10 +153,10 @@ func main() {
 }
 // If greater than 2 arguments, append them to cmdArr
 if len(args) >= 2 {
- cmdArr = append(cmdArr, strings.Join(args[1:], " "))
+ cmdArr = append(cmdArr, shellescape.QuoteCommand(args[1:]))
 }
 // Create space separated string from cmdArr
- cmdStr := shellescape.QuoteCommand(cmdArr)
+ cmdStr := strings.Join(cmdArr, " ")
 // Instantiate exec.Command object with command sh, flag -c, and cmdStr
 command := exec.Command("sh", "-c", cmdStr)
 // Set standard outputs for command
From a35f05a13ed3118329d91885021d243a6a82641e Mon Sep 17 00:00:00 2001
From: Arsen Musayelyan
Date: Thu, 6 May 2021 10:50:27 -0700
Subject: [PATCH 3/3] Clean up code
---
 main.go | 28 ++++++++++++----------------
 usage.go | 2 +-
 2 files changed, 13 insertions(+), 17 deletions(-)
diff --git a/main.go b/main.go
index 5d76112..34e7c42 100644
--- a/main.go
+++ b/main.go
@@ -35,11 +35,9 @@ var Log = log.Output(zerolog.ConsoleWriter{Out: os.Stderr})
 func main() {
 // Create help flag
- var helpFlagGiven bool
- flag.BoolVarP(&helpFlagGiven, "help", "h", false, "Show help screen")
+ helpFlagGiven := flag.BoolP("help", "h", false, "Show help screen")
 // Create package manager override flag
- var packageManagerOverride string
- flag.StringVarP(&packageManagerOverride, "package-manager", "p", os.Getenv("PAK_MGR_OVERRIDE"), "Override package manager wrapped by pak")
+ packageManagerOverride := flag.StringP("package-manager", "p", os.Getenv("PAK_MGR_OVERRIDE"), "Override package manager wrapped by pak")
 // Parse arguments for flags
 flag.Parse()
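Review bot: In patch 2/3's main.go hunk only `args[1:]` goes through `shellescape.QuoteCommand`; the other elements of `cmdArr` are joined verbatim into the string passed to `sh -c`. They are built outside the hunk, but patch 3/3 shows `config.ActiveManager` being set from `-p` / `PAK_MGR_OVERRIDE`, so if that value is among them, shell metacharacters in it are still interpreted. If the configured commands do not depend on shell syntax, the shell can be dropped: append with `cmdArr = append(cmdArr, args[1:]...)` and run `exec.Command(cmdArr[0], cmdArr[1:]...)`, splitting multi-word config entries with `strings.Fields` first. The comment `// If greater than 2 arguments` also disagrees with the `len(args) >= 2` test below it.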
@@ -64,9 +62,9 @@ func main() {
 config := NewConfig("/etc/pak.toml")
 // If override is set
- if packageManagerOverride != "" {
+ if *packageManagerOverride != "" {
 // Set active package manager to override
- config.ActiveManager = packageManagerOverride
+ config.ActiveManager = *packageManagerOverride
 // Set override state to true
 isOverridden = true
 } else {
@@ -94,8 +92,8 @@ func main() {
 similarTo := []string{}
 // Displays help message if no arguments provided or -h/--help is passed
- if len(args) == 0 || helpFlagGiven || Contains(args, "help") {
- printHelpMessage(config.ActiveManager, useRoot, rootCommand, commands, shortcuts, isOverridden)
+ if len(args) == 0 || *helpFlagGiven || Contains(args, "help") {
+ printHelpMessage(config.ActiveManager, rootCommand, commands, shortcuts, useRoot, isOverridden)
 os.Exit(0)
 }
@@ -127,16 +125,14 @@ func main() {
 if len(similarTo) == 0 {
 Log.Fatal().Msg("This command does not match any known commands or shortcuts")
 }
- // Anonymous function to decide whether to print (overridden)
- printOverridden := func() string {
- if isOverridden {
- return "(overridden)"
- } else {
- return ""
- }
+ var overriddenStr string
+ if isOverridden {
+ overriddenStr = "(overridden)"
+ } else {
+ overriddenStr = ""
 }
 // Print text showing command being run and package manager being used
- fmt.Println("Running:", strings.Title(GetKey(commands, similarTo[0])), "using", strings.Title(config.ActiveManager), printOverridden())
+ fmt.Println("Running:", strings.Title(GetKey(commands, similarTo[0])), "using", strings.Title(config.ActiveManager), overriddenStr)
 // Run package manager with the proper arguments passed if more than one argument exists
 var cmdArr []string
 // If root is to be used, append it to cmdArr
diff --git a/usage.go b/usage.go
index f7786a3..b2cfae8 100644
--- a/usage.go
+++ b/usage.go
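Review bot: In the last main.go hunk of patch 3/3 the `else` branch that assigns `""` to `overriddenStr` is redundant, because `var overriddenStr string` already starts as the empty string; `if isOverridden { overriddenStr = "(overridden)" }` is enough. The removed closure had a comment explaining its purpose and the new block has none, so a line such as `// Suffix printed when the package manager was overridden` above the declaration would keep that context. When `isOverridden` is false, `fmt.Println` still receives the empty string as its last operand and prints a trailing space, as the closure version did.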
@@ -5,7 +5,7 @@ import (
 )
 // Print help screen
-func printHelpMessage(packageManagerCommand string, useRoot bool, rootCommand string, commands map[string]string, shortcuts map[string]string, isOverridden bool) {
+func printHelpMessage(packageManagerCommand, rootCommand string, commands, shortcuts map[string]string, useRoot, isOverridden bool) {
 fmt.Println("Arsen Musayelyan's Package Manager Wrapper")
 fmt.Print("Current package manager is: ", packageManagerCommand)
 if isOverridden {
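Review bot: The regrouped `printHelpMessage` signature places `useRoot` next to `isOverridden` and `commands` next to `shortcuts`, so a call that swaps either pair still compiles, and the comment above the function does not say what each argument means. A doc comment in the Go form would help, for example `// printHelpMessage prints the help screen for packageManagerCommand; isOverridden marks the manager as overridden.`, extended with the role of `useRoot` and `rootCommand`, which these lines do not show. The function body continues past the end of the hunk.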