[BUG] Ampersand mangled when used in an ARG #412

Open
michael-o opened this issue Jul 8, 2021 · 5 comments · May be fixed by #809

Comments

@michael-o
Contributor

michael-o commented Jul 8, 2021

[MANDATORY] Describe the bug [MANDATORY]
When a Bastillefile template receives an ARG value with an ampersand (&) it is mangled down the line by sed(1) because it is not escaped and cannot be escaped.

[MANDATORY] Bastille and FreeBSD version (paste bastille -v && freebsd-version -kru output)
0.8.20210115
12.2-STABLE
12.2-STABLE
12.2-STABLE

[MANDATORY] How did you install bastille? (port/pkg/git)
ports

[optional] Steps to reproduce?
Call a template:

bastille template deblndw013x3j ldadw/base-complete --arg ROOT_FULLNAME="Michael '&' Osipov" ...

template ldadw/base-complete:

ARG ROOT_FULLNAME
...
INCLUDE ldadw/root-config --arg ROOT_FULLNAME="${ROOT_FULLNAME}" ...

template ldadw/root-config:

ARG ROOT_FULLNAME
...
CMD pw usermod root -c "${ROOT_FULLNAME}"

Running Bastille with -x shows:

+ sed -e 's/${JAIL_IP}//g' -e 's/${JAIL_NAME}/deblndw013x3j/g' -e $'s/${ROOT_FULLNAME}/Michael \'&\' Osipov/g' -e 's/${AUTHORIZED_KEYS}/\/tmp\/authorized_keys/g' -e 's/${K5LOGIN}/\/tmp\/k5login/g' -e 's/${FORWARD}/\/tmp\/forward/g' -e 's/${INSTALL_SOFTWARE_FROM}/packages/g'
+ _args=$'ldadw/root-config --arg ROOT_FULLNAME="Michael \'${ROOT_FULLNAME}\' Osipov" --arg AUTHORIZED_KEYS="/tmp/authorized_keys" --arg K5LOGIN="/tmp/k5login" --arg FORWARD="/tmp/forward"'
+ _cmd=template
+ eval $'bastille template deblndw013x3j ldadw/root-config --arg ROOT_FULLNAME="Michael \'${ROOT_FULLNAME}\' Osipov" --arg AUTHORIZED_KEYS="/tmp/authorized_keys" --arg K5LOGIN="/tmp/k5login" --arg FORWARD="/tmp/forward"'
+ bastille template deblndw013x3j ldadw/root-config --arg $'ROOT_FULLNAME=Michael \'\' Osipov' --arg 'AUTHORIZED_KEYS=/tmp/authorized_keys' --arg 'K5LOGIN=/tmp/k5login' --arg 'FORWARD=/tmp/forward'

manpage says:

         An ampersand (“&”) appearing in the replacement is replaced by
         the string matching the RE.  The special meaning of “&” in this
         context can be suppressed by preceding it by a backslash.  The
         string “\#”, where “#” is a digit, is replaced by the text
         matched by the corresponding backreference expression (see
         re_format(7)).

So I tried it, same result:

+ echo 'INCLUDE ldadw/root-config --arg ROOT_FULLNAME="${ROOT_FULLNAME}" --arg AUTHORIZED_KEYS="${AUTHORIZED_KEYS}" --arg K5LOGIN="${K5LOGIN}" --arg FORWARD="${FORWARD}"'
+ awk '{$1=""; sub(/^ */, ""); print;}'
+ eval $'sed -e \'s/${JAIL_IP}//g\' -e \'s/${JAIL_NAME}/deblndw013x3j/g\' -e \'s/${ROOT_FULLNAME}/Michael \'\\\'\'\\\\&\'\\\'\' Osipov/g\' -e \'s/${AUTHORIZED_KEYS}/\\/tmp\\/authorized_keys/g\' -e \'s/${K5LOGIN}/\\/tmp\\/k5login/g\' -e \'s/${FORWARD}/\\/tmp\\/forward/g\' -e \'s/${INSTALL_SOFTWARE_FROM}/packages/g\''
+ sed -e 's/${JAIL_IP}//g' -e 's/${JAIL_NAME}/deblndw013x3j/g' -e $'s/${ROOT_FULLNAME}/Michael \'\\\\&\' Osipov/g' -e 's/${AUTHORIZED_KEYS}/\/tmp\/authorized_keys/g' -e 's/${K5LOGIN}/\/tmp\/k5login/g' -e 's/${FORWARD}/\/tmp\/forward/g' -e 's/${INSTALL_SOFTWARE_FROM}/packages/g'
+ _args=$'ldadw/root-config --arg ROOT_FULLNAME="Michael \'\\${ROOT_FULLNAME}\' Osipov" --arg AUTHORIZED_KEYS="/tmp/authorized_keys" --arg K5LOGIN="/tmp/k5login" --arg FORWARD="/tmp/forward"'
+ _cmd=template
+ eval $'bastille template deblndw013x3j ldadw/root-config --arg ROOT_FULLNAME="Michael \'\\${ROOT_FULLNAME}\' Osipov" --arg AUTHORIZED_KEYS="/tmp/authorized_keys" --arg K5LOGIN="/tmp/k5login" --arg FORWARD="/tmp/forward"'
+ bastille template deblndw013x3j ldadw/root-config --arg $'ROOT_FULLNAME=Michael \'${ROOT_FULLNAME}\' Osipov' --arg 'AUTHORIZED_KEYS=/tmp/authorized_keys' --arg 'K5LOGIN=/tmp/k5login' --arg 'FORWARD=/tmp/forward'

[optional] Expected behavior
The arg value to be passed as-is or escape chars for sed(1) to be respected.

[optional] Additional context
Add any other context about the problem here.

@michael-o michael-o added the bug Something isn't working label Jul 8, 2021
@michael-o michael-o changed the title [BUG] Ampersand mangled when used in an ARG:q [BUG] Ampersand mangled when used in an ARG Jul 8, 2021
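
The mangling reported above, reproduced with the template line and value from the report, next to one way to escape a value before it reaches the replacement half of `s///`. This is an added example, not Bastille's code and not the change in #809; the helper names `sed_escape_replacement`, `render_arg_naive` and `render_arg` are hypothetical, and values are assumed to be single-line.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not Bastille functions.

# Escape VALUE for the replacement half of sed's s/RE/replacement/.
# Backslash, the "/" delimiter and "&" are special there. A "|" delimiter
# is used in this inner command so "/" needs no escaping in the bracket list.
sed_escape_replacement() {
    case $1 in
        *"
"*) return 1 ;;   # a raw newline would end the s command early: reject
    esac
    printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

# Unescaped substitution, as in the trace on this page: "&" in VALUE is
# expanded by sed to the matched text, i.e. the ${NAME} placeholder itself.
render_arg_naive() {   # usage: render_arg_naive NAME VALUE LINE
    printf '%s\n' "$3" | sed -e "s/\${$1}/$2/g"
}

# Same substitution with the value escaped first.
render_arg() {         # usage: render_arg NAME VALUE LINE
    _esc=$(sed_escape_replacement "$2") || return 1
    printf '%s\n' "$3" | sed -e "s/\${$1}/${_esc}/g"
}

# Constructed input based on the template line and value from the report.
line='CMD pw usermod root -c "${ROOT_FULLNAME}"'
value="Michael '&' Osipov"
render_arg_naive ROOT_FULLNAME "$value" "$line"
render_arg       ROOT_FULLNAME "$value" "$line"
```

Because the value is spliced into a sed program, any character that is special in the replacement changes the command that finally runs in the jail, so the escaping belongs at the single point where ARG values enter the `sed -e` expressions.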
@bmac2
Collaborator

bmac2 commented Oct 19, 2023

@chriswells0 has this one been fixed?? if so what PR / branch?

@tobiastom
Contributor

Doesn't look to be fixed. Here is a sample Bastillefile to reproduce it:

ARG NAME

CMD echo "My name is $NAME" > /root/my-name
CMD cat /root/my-name

Running it has the following result:

# sudo bastille template foo samples/foo --arg NAME="Me '&' You"
[foo]:
Applying template: samples/foo...
[foo]:
[foo]: 0

[foo]:
My name is 
[foo]: 0

Template applied: succont/foo

@bmac2
Collaborator

bmac2 commented Jan 14, 2025

@michael-o this bug is really old. Is it still an issue??? Trying to clean up bugs and figure out what we have left to do.

@yaazkal @tschettervictor

@michael-o
Contributor Author

> @michael-o this bug is really old. Is it still an issue??? Trying to clean up bugs and figure out what we have left to do.
>
> @yaazkal @tschettervictor

Let me check...

@tschettervictor tschettervictor linked a pull request Jan 14, 2025 that will close this issue
@tschettervictor
Collaborator

#809
