Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[New Check]: Warn about colon-separated argument in sandbox functions #644

Closed
1 task done
ulm opened this issue Dec 27, 2023 · 0 comments · Fixed by #648
Closed
1 task done

[New Check]: Warn about colon-separated argument in sandbox functions #644

ulm opened this issue Dec 27, 2023 · 0 comments · Fixed by #648
Assignees
@arthurzam
Labels
bash requires bash-parsing support check

Comments

@ulm
Copy link
Contributor

ulm commented Dec 27, 2023

Is there an existing such new check request for this?

  • I have searched the existing issues

Explain

According to PMS and the Devmanual, only a single item is allowed as argument for addread, addwrite, adddeny and addpredict:
https://projects.gentoo.org/pms/8/pms.html#x1-12300012.3.3
https://devmanual.gentoo.org/function-reference/sandbox-functions/

Especially, multiple path items should not be passed as a colon-separated list.

Corresponding Portage PR: gentoo/portage#1213

Examples

https://github.com/gentoo/gentoo/blob/fb8ecab9407d58520dd4c4658879f00e52e26d02/dev-db/sqlite/sqlite-3.44.2-r1.ebuild#L367
https://github.com/gentoo/gentoo/blob/fb8ecab9407d58520dd4c4658879f00e52e26d02/sys-boot/grub/grub-2.12.ebuild#L289

Output message

No response

Documentation

No response

Result level

None
@ulm ulm added the check label Dec 27, 2023
@arthurzam arthurzam added the bash requires bash-parsing support label Dec 28, 2023
@arthurzam arthurzam self-assigned this Jan 13, 2024
arthurzam added a commit to arthurzam/pkgcheck that referenced this issue Jan 13, 2024
@arthurzam
SandboxCallCheck: new check for invalid sandbox calls
09f7098 
Catches multiple arguments passed to function, and colon separated path.

Resolves: pkgcore#644
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
@arthurzam arthurzam mentioned this issue Jan 13, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@arthurzam arthurzam

Labels
bash requires bash-parsing support check
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

SandboxCallCheck: new check for invalid sandbox calls arthurzam/pkgcheck
2 participants
@ulm @arthurzam