From b63993f69c46d6724cde68e9ab22d250ad433d53 Mon Sep 17 00:00:00 2001
From: "B. Watson"
Date: Wed, 9 Oct 2024 22:49:25 -0400
Subject: sbolint: improve chown checking.
---
 sbolint | 41 ++++++++++++++++++++++++-----------------
 1 file changed, 24 insertions(+), 17 deletions(-)
(limited to 'sbolint')
diff --git a/sbolint b/sbolint
index 9d71eb6..78cd28e 100755
--- a/sbolint
+++ b/sbolint
@@ -1466,23 +1466,7 @@ sub check_script {
 } elsif(/^\s*?CWD=/) {
 log_warning("$file:$lineno: lone CWD= assignment is redundant in 15.0 template");
 } elsif(/^\s*?chown\s/) {
- # explanation in english: get rid of any comment portion of the command,
- # then if we (a) have no : character, and (b) have what looks like
- # user.group or $user.$group, complain.
- # if (a) is true but (b) isn't, that probably means the user:group is
- # given together in one variable, and we can't really check that.
- # that, or there's no user/group at all (e.g. chown's --reference
- # option).
- my $chown = $_;
- $chown =~ s/#.*//;
- if(($chown !~ /:/) &&
- ($chown =~ /
- (?:\b|\$) # word boundary or $ (in case it's a variable)
- \w[\w\d]+ # assume user or var starts with letter or _, and >=2 chars long
- \. # a literal dot
- [\w\$][\w\d]+ # user or var again
- /x))
- {
+ if(!chown_ok($_)) {
 log_warning("$file:$lineno: chown should use : instead of . for user:group separator");
 }
 }
@@ -1735,6 +1719,29 @@ sub check_doinst {
 }
+sub chown_ok {
+ my $cmd = shift;
+ $cmd =~ s/#.*//; # get rid of comment, if any
+ $cmd =~ s/^\s+//; # get rid of leading whitespace, if any
+
+ # assign 1st element to undef, to get rid of the chown command itself
+ my (undef, @args) = split /\s+/, $cmd;
+
+ # what remains should include user:group or user.group. if it doesn't,
+ # don't complain: possibly the --reference option is being used.
+ # dots are OK in file paths (e.g. chown root:root /etc/blah.d/blah).
+ # we can't easily tell which is which, but *something* should have a colon.
+ my $dot;
+ for my $arg (@args) {
+ return 1 if /:/; # found :, we're OK.
+ next if /\//; # if there's a /, it's a filename (dots are OK).
+ $dot++ if /\./; # found a dot, might be not OK.
+ }
+
+ # if we get here, there are no colons. if there *is* a dot, return failure.
+ return !$dot;
+}
+
 sub findem {
 my ($findcmd, $errmsg) = @_;
 open my $fh, "-|", "$findcmd";
-- cgit v1.2.3
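Review bot: The three pattern matches inside the `for my $arg (@args)` loop of chown_ok carry no `$arg =~` binding, so they test `$_` instead of the argument being iterated. Because the call site in check_script passes `$_`, that is presumably the whole script line with its comment still attached. A colon inside a trailing comment would then return success, and a `/` anywhere on the line would skip every argument, so a line like `chown root.root /usr/bin/foo` (constructed example) would go unflagged. Binding each test to the loop variable gives the per-argument behaviour the comments describe: `return 1 if $arg =~ /:/;`, `next if $arg =~ m{/};`, `$dot++ if $arg =~ /\./;`. A linter test case pairing a dot-separated owner with an absolute path would pin this down.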