dalec icon indicating copy to clipboard operation
dalec copied to clipboard

Published 20 hours ago • verified publisher icon Azure

[BUG] rpm: shell scripts should have macros escaped

Open cpuguy83 opened this issue 7 months ago • 3 comments

Expected Behavior

No response

Actual Behavior

Currently it may be possible to inject custom macros or access things that we aren't expecting and potentially break the build (even accidentally) based on if some value matches an rpmbuild macro.

Steps To Reproduce

As an example: in a build step inject a macro like:

%install
# insert extra stuff not in the yaml artifact spec

Are you willing to submit PRs to contribute to this bug fix?

  • [ ] Yes, I am willing to implement it.

cpuguy83 avatar Jul 18 '24 22:07 cpuguy83