Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / mk / docker-jenkins / bbbb76d46b8ea934fdec9f2ed0ebd49a923496d4
commitbbbb76d46b8ea934fdec9f2ed0ebd49a923496d4[log] [tgz]
authorCharles Duffy <chaduffy@cisco.com>Tue Sep 20 11:42:02 2016 -0500
committerCarlos Sanchez <carlos@apache.org>Mon Sep 26 17:03:10 2016 +0200
tree78f38a00bab8d5ea859e55c79da16dec3443172e
parent9868358cfaac0bc92ec6ae38d9727d0db4c26c65 [diff]
Avoid eval, shell-injection via JAVA_OPTS or JENKINS_OPTS

The intent of using eval when processing JAVA_OPTS or JENKINS_OPTS is to allow arguments with spaces to be passed through and parsed without the bugs given in [BashFAQ #50](http://mywiki.wooledge.org/BashFAQ/050). By using `eval`, however, the issues discussed in [BashFAQ #48](http://mywiki.wooledge.org/BashFAQ/048) are introduced.

Strings containing whitespace can be safely processed with `xargs`, which -- when not used with the non-POSIX extensions `-0` or `-d` -- follows shell quoting conventions in splitting its input stream into arguments.
1 file changed
tree: 78f38a00bab8d5ea859e55c79da16dec3443172e
  1. tests/
  2. .gitmodules
  3. CONTRIBUTING.md
  4. docker-compose.yml
  5. Dockerfile
  6. init.groovy
  7. install-plugins.sh
  8. jenkins-support
  9. jenkins.sh
  10. Jenkinsfile
  11. plugins.sh
  12. README.md
  13. weekly.sh