fix: don't run arbitrary commands with script

* scripts are now called with their absolute paths instead of ./
tulilirockz · Aug 13, 2023 · dc97fa4 · dc97fa4
1 parent bbb1cc8
commit dc97fa4
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 9 deletions.
diff --git a/config/recipe.yml b/config/recipe.yml
@@ -5,16 +5,16 @@ image-version: 38
 
 modules:
   - type: script
-    run: # commands directly run inside scripts directory
-      - ./autorun.sh pre
+    scripts:
+      - autorun.sh pre
 
   - from-file: common-packages.yml # paths relative to "config" directory
 
   - type: script
-    run:
+    scripts:
       # this sets up the proper policy & signing files for signed images to work
-      - ./signing.sh 
-      - ./autorun.sh post
+      - signing.sh 
+      - autorun.sh post
 
 
   - type: yafti # no need for an enable-disable key, inclusion implicitly enables

diff --git a/modules/script/script.sh b/modules/script/script.sh
@@ -3,13 +3,13 @@
 # Tell build process to exit if there are any errors.
 set -oue pipefail
 
-get_yaml_array RUN '.run[]' "$1"
+get_yaml_array SCRIPTS '.scripts[]' "$1"
 
 cd "$CONFIG_DIRECTORY/scripts"
 
 find "$PWD" -type f -exec chmod +x {} \;
 
-for CMD in "${RUN[@]}"; do
-    echo "Running command: $CMD"
-    eval "$CMD"
+for SCRIPT in "${SCRIPTS[@]}"; do
+    echo "Running script $SCRIPT"
+    eval "$PWD/$SCRIPT"
 done