diff options
| author | B. Watson <urchlay@slackware.uk> | 2024-10-09 22:49:25 -0400 |
|---|---|---|
| committer | B. Watson <urchlay@slackware.uk> | 2024-10-09 22:49:25 -0400 |
| commit | b63993f69c46d6724cde68e9ab22d250ad433d53 (patch) | |
| tree | 144d7de46bbab27a4406011b3ed82ff4867ae116 | |
| parent | e26cd076e322b636438e0a9570434a8135af32a4 (diff) | |
| download | sbo-maintainer-tools-b63993f69c46d6724cde68e9ab22d250ad433d53.tar.gz | |
sbolint: improve chown checking.
| -rwxr-xr-x | sbolint | 41 |
1 files changed, 24 insertions, 17 deletions
@@ -1466,23 +1466,7 @@ sub check_script { } elsif(/^\s*?CWD=/) { log_warning("$file:$lineno: lone CWD= assignment is redundant in 15.0 template"); } elsif(/^\s*?chown\s/) { - # explanation in english: get rid of any comment portion of the command, - # then if we (a) have no : character, and (b) have what looks like - # user.group or $user.$group, complain. - # if (a) is true but (b) isn't, that probably means the user:group is - # given together in one variable, and we can't really check that. - # that, or there's no user/group at all (e.g. chown's --reference - # option). - my $chown = $_; - $chown =~ s/#.*//; - if(($chown !~ /:/) && - ($chown =~ / - (?:\b|\$) # word boundary or $ (in case it's a variable) - \w[\w\d]+ # assume user or var starts with letter or _, and >=2 chars long - \. # a literal dot - [\w\$][\w\d]+ # user or var again - /x)) - { + if(!chown_ok($_)) { log_warning("$file:$lineno: chown should use : instead of . for user:group separator"); } } @@ -1735,6 +1719,29 @@ sub check_doinst { } +sub chown_ok { + my $cmd = shift; + $cmd =~ s/#.*//; # get rid of comment, if any + $cmd =~ s/^\s+//; # get rid of leading whitespace, if any + + # assign 1st element to undef, to get rid of the chown command itself + my (undef, @args) = split /\s+/, $cmd; + + # what remains should include user:group or user.group. if it doesn't, + # don't complain: possibly the --reference option is being used. + # dots are OK in file paths (e.g. chown root:root /etc/blah.d/blah). + # we can't easily tell which is which, but *something* should have a colon. + my $dot; + for my $arg (@args) { + return 1 if /:/; # found :, we're OK. + next if /\//; # if there's a /, it's a filename (dots are OK). + $dot++ if /\./; # found a dot, might be not OK. + } + + # if we get here, there are no colons. if there *is* a dot, return failure. + return !$dot; +} + sub findem { my ($findcmd, $errmsg) = @_; open my $fh, "-|", "$findcmd"; |