diff --git a/src/gt-pull.sh b/src/gt-pull.sh index 1351dbd..ada975f 100755 --- a/src/gt-pull.sh +++ b/src/gt-pull.sh @@ -185,7 +185,7 @@ function gt_pull() { # before we report about missing arguments we check if the working directory exists and # if it is inside of the call location exitIfWorkingDirDoesNotExist "$workingDir" - exitIfDirectoryNamedIsOutsideOf "$workingDir" "working directory" "$currentDir" + exitIfPathNamedIsOutsideOf "$workingDir" "working directory" "$currentDir" # if remote does not exist then pull.args does not and most likely pullDir is thus not defined, in this case we want # to show the error about the non existing remote before other missing arguments @@ -208,7 +208,7 @@ function gt_pull() { workingDirAbsolute=$(readlink -m "$workingDir") || die "could not deduce workingDirAbsolute from %s" "$workingDir" pullDirAbsolute=$(readlink -m "$pullDir") local -r workingDirAbsolute pullDirAbsolute - checkIfDirectoryNamedIsOutsideOf "$pullDirAbsolute" "pull directory" "$currentDir" || return $? + checkIfPathNamedIsOutsideOf "$pullDirAbsolute" "pull directory" "$currentDir" || return $? local publicKeysDir repo gpgDir pulledTsv pullHookFile source "$dir_of_gt/paths.source.sh" || traceAndDie "could not source paths.source.sh" @@ -426,6 +426,10 @@ function gt_pull() { local absoluteFile while read -r -d $'\0' absoluteFile; do + # in theory this check should not be necessary as we already check that the pullDir is not outside + # but better be sure as we don't want that `gt re-pull` can be a security risk (leaving pull-hooks aside) + checkIfPathNamedIsOutsideOf "$absoluteFile" "target path" "$currentDir" || return $? + local repoFile repoFile=$(realpath --relative-to="$repo" "$absoluteFile") if [[ $doVerification == true && -f "$absoluteFile.$sigExtension" ]]; then diff --git a/src/gt-re-pull.sh b/src/gt-re-pull.sh index bf5b34e..9830eea 100755 --- a/src/gt-re-pull.sh +++ b/src/gt-re-pull.sh @@ -100,7 +100,7 @@ function gt_re_pull() { # before we report about missing arguments we check if the working directory exists and # if it is inside of the call location exitIfWorkingDirDoesNotExist "$workingDir" - exitIfDirectoryNamedIsOutsideOf "$workingDir" "working directory" "$currentDir" + exitIfPathNamedIsOutsideOf "$workingDir" "working directory" "$currentDir" exitIfNotAllArgumentsSet params "$examples" "$GT_VERSION" diff --git a/src/gt-remote.sh b/src/gt-remote.sh index f33b3c2..36b54a7 100755 --- a/src/gt-remote.sh +++ b/src/gt-remote.sh @@ -110,7 +110,7 @@ function gt_remote_add() { if ! [[ -v tagFilter ]]; then tagFilter=".*"; fi # before we report about missing arguments we check if the working directory is inside of the call location - exitIfDirectoryNamedIsOutsideOf "$workingDir" "working directory" "$currentDir" + exitIfPathNamedIsOutsideOf "$workingDir" "working directory" "$currentDir" exitIfNotAllArgumentsSet params "$examples" "$GT_VERSION" local -r remoteIdentifierRegex="^[a-zA-Z0-9_-]+$" @@ -256,7 +256,7 @@ function gt_remote_list_raw() { # before we report about missing arguments we check if the working directory exists and # if it is inside of the call location exitIfWorkingDirDoesNotExist "$workingDir" - exitIfDirectoryNamedIsOutsideOf "$workingDir" "working directory" "$currentDir" + exitIfPathNamedIsOutsideOf "$workingDir" "working directory" "$currentDir" exitIfNotAllArgumentsSet params "$examples" "$GT_VERSION" @@ -325,7 +325,7 @@ function gt_remote_remove() { # before we report about missing arguments we check if the working directory exists and # if it is inside of the call location exitIfWorkingDirDoesNotExist "$workingDir" - exitIfDirectoryNamedIsOutsideOf "$workingDir" "working directory" "$currentDir" + exitIfPathNamedIsOutsideOf "$workingDir" "working directory" "$currentDir" exitIfNotAllArgumentsSet params "$examples" "$GT_VERSION" diff --git a/src/gt-reset.sh b/src/gt-reset.sh index a7b5a85..9cc9349 100755 --- a/src/gt-reset.sh +++ b/src/gt-reset.sh @@ -93,7 +93,7 @@ function gt_reset() { # before we report about missing arguments we check if the working directory exists and # if it is inside of the call location exitIfWorkingDirDoesNotExist "$workingDir" - exitIfDirectoryNamedIsOutsideOf "$workingDir" "working directory" "$currentDir" + exitIfPathNamedIsOutsideOf "$workingDir" "working directory" "$currentDir" exitIfNotAllArgumentsSet params "$examples" "$GT_VERSION" diff --git a/src/utils.sh b/src/utils.sh index 78abc74..1e71217 100644 --- a/src/utils.sh +++ b/src/utils.sh @@ -85,25 +85,6 @@ function exitIfRemoteDirDoesNotExist() { fi } -function checkIfDirectoryNamedIsOutsideOf() { - local directory name parentDirectory - # shellcheck disable=SC2034 # is passed by name to parseFnArgs - local -ra params=(directory name parentDirectory) - parseFnArgs params "$@" - - local directoryAbsolute parentDirectoryAbsolute - directoryAbsolute="$(realpath "$directory")" - parentDirectoryAbsolute="$(realpath "$parentDirectory")" - if ! [[ "$directoryAbsolute" == "$parentDirectoryAbsolute"* ]]; then - returnDying "the given \033[0;36m%s\033[0m %s is outside of %s" "$name" "$directoryAbsolute" "$parentDirectory" - fi -} - -function exitIfDirectoryNamedIsOutsideOf() { - # shellcheck disable=SC2310 # we are aware of that || will disable set -e for checkIfDirectoryNamedIsOutsideOf - checkIfDirectoryNamedIsOutsideOf "$@" || exit $? -} - function invertBool() { local b=$1 shift 1 || traceAndDie "could not shift by 1"