From e6d64fad6ac6b2b289972d834625c387ea3023c4 Mon Sep 17 00:00:00 2001 From: William Fleurant Date: Mon, 16 Mar 2026 12:36:17 +0100 Subject: [PATCH 1/2] ini: use envsubst eval was prob used to expand $VAR refs ini values ie: path = $HOME/.config reason for this patch: if say the ini is updated via session_token or user_input then think of backticks or $() or ! in user_input_pw envsubst would continue to expand available env vars unknown vars become empty strings so key=val of "credentials=user:${NONEXISTENT}" becomes "credentials=user:" if a token or password contains $ .. itll be silently empty and literal but at least not executed - Known env var: ($HOME) is expanded (OK) - Unknown env var: ($NONEXISTENT) becomes EMPTY STRING - string with bang: (!) is passed through as is (OK) - backticks or exec: (`) or ($()) is passwd through as is (OK) --- examples/config/src/lib/ini.sh | 2 +- examples/ini/src/lib/ini.sh | 2 +- lib/bashly/libraries/ini/ini.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/examples/config/src/lib/ini.sh b/examples/config/src/lib/ini.sh index 8b2df57e..fffed73b 100644 --- a/examples/config/src/lib/ini.sh +++ b/examples/config/src/lib/ini.sh @@ -47,7 +47,7 @@ ini_load() { elif [[ $line =~ $key_regex ]]; then key="${BASH_REMATCH[1]}" value="${BASH_REMATCH[2]}" - [[ $value == *\$* ]] && eval "value=\"$value\"" + [[ $value == *\$* ]] && value=$(envsubst <<< "$value") ini["${section}${key}"]="$value" fi done <"$ini_file" diff --git a/examples/ini/src/lib/ini.sh b/examples/ini/src/lib/ini.sh index 8b2df57e..fffed73b 100644 --- a/examples/ini/src/lib/ini.sh +++ b/examples/ini/src/lib/ini.sh @@ -47,7 +47,7 @@ ini_load() { elif [[ $line =~ $key_regex ]]; then key="${BASH_REMATCH[1]}" value="${BASH_REMATCH[2]}" - [[ $value == *\$* ]] && eval "value=\"$value\"" + [[ $value == *\$* ]] && value=$(envsubst <<< "$value") ini["${section}${key}"]="$value" fi done <"$ini_file" diff --git a/lib/bashly/libraries/ini/ini.sh b/lib/bashly/libraries/ini/ini.sh index 8b2df57e..fffed73b 100644 --- a/lib/bashly/libraries/ini/ini.sh +++ b/lib/bashly/libraries/ini/ini.sh @@ -47,7 +47,7 @@ ini_load() { elif [[ $line =~ $key_regex ]]; then key="${BASH_REMATCH[1]}" value="${BASH_REMATCH[2]}" - [[ $value == *\$* ]] && eval "value=\"$value\"" + [[ $value == *\$* ]] && value=$(envsubst <<< "$value") ini["${section}${key}"]="$value" fi done <"$ini_file" From 494b191763725d03f4f2e530559550df0b02307f Mon Sep 17 00:00:00 2001 From: Danny Ben Shitrit Date: Mon, 16 Mar 2026 14:06:03 +0200 Subject: [PATCH 2/2] fix shfmt --- examples/config/src/lib/ini.sh | 2 +- examples/ini/src/lib/ini.sh | 2 +- lib/bashly/libraries/ini/ini.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/examples/config/src/lib/ini.sh b/examples/config/src/lib/ini.sh index fffed73b..752d02c6 100644 --- a/examples/config/src/lib/ini.sh +++ b/examples/config/src/lib/ini.sh @@ -47,7 +47,7 @@ ini_load() { elif [[ $line =~ $key_regex ]]; then key="${BASH_REMATCH[1]}" value="${BASH_REMATCH[2]}" - [[ $value == *\$* ]] && value=$(envsubst <<< "$value") + [[ $value == *\$* ]] && value=$(envsubst <<<"$value") ini["${section}${key}"]="$value" fi done <"$ini_file" diff --git a/examples/ini/src/lib/ini.sh b/examples/ini/src/lib/ini.sh index fffed73b..752d02c6 100644 --- a/examples/ini/src/lib/ini.sh +++ b/examples/ini/src/lib/ini.sh @@ -47,7 +47,7 @@ ini_load() { elif [[ $line =~ $key_regex ]]; then key="${BASH_REMATCH[1]}" value="${BASH_REMATCH[2]}" - [[ $value == *\$* ]] && value=$(envsubst <<< "$value") + [[ $value == *\$* ]] && value=$(envsubst <<<"$value") ini["${section}${key}"]="$value" fi done <"$ini_file" diff --git a/lib/bashly/libraries/ini/ini.sh b/lib/bashly/libraries/ini/ini.sh index fffed73b..752d02c6 100644 --- a/lib/bashly/libraries/ini/ini.sh +++ b/lib/bashly/libraries/ini/ini.sh @@ -47,7 +47,7 @@ ini_load() { elif [[ $line =~ $key_regex ]]; then key="${BASH_REMATCH[1]}" value="${BASH_REMATCH[2]}" - [[ $value == *\$* ]] && value=$(envsubst <<< "$value") + [[ $value == *\$* ]] && value=$(envsubst <<<"$value") ini["${section}${key}"]="$value" fi done <"$ini_file"