(#9400 P1b) cli: utils-cli: replace eval with declare -g

eval "declare -g $name=\"$value\"" is equivalent to the safer
declare -g "${name}=${value}" which avoids code injection risk.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Igor Velkov 2026-03-02 02:50:49 +02:00
parent efb4c684c6
commit 3fc5d517cd
No known key found for this signature in database


@ -65,7 +65,7 @@ function apply_cmdline_params_to_env() {
if [[ -z "${!param_name+x}" ]] || [[ "${current_env_value}" != "${param_value}" ]]; then
display_alert "Applying cmdline param" "'$param_name': '${current_env_value_desc}' --> '${param_value_desc}' ${__my_reason}" "cmdline"
# use `declare -g` to make it global, we're in a function.
eval "declare -g $param_name=\"$param_value\""
declare -g "${param_name}=${param_value}"
else
# rpardini: strategic amount of spacing in log files show the kinda neuroticism that drives me.
display_alert "Skip cmdline param" "'$param_name': already set to '${param_value_desc}' ${__my_reason}" "info"
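Review bot: The new `declare -g "${param_name}=${param_value}"` stops the value from being re-parsed, but `param_name` is still used unchecked, both there and in the `${!param_name+x}` test at the top of the hunk. Bash evaluates an array subscript in a name handed to `declare` or to indirect expansion, so a name taken from the command line can still trigger evaluation. The start of apply_cmdline_params_to_env is outside this hunk, so the name may already be restricted; if it is not, I would reject anything that fails `[[ "${param_name}" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]` before both uses. The two forms are also not strictly equivalent: under `eval` a `$VAR` reference in the value was expanded a second time and is now stored literally. That is the intended hardening, but it is a behaviour change worth stating in the commit message.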