nagios-plugins
eval is evil.
If somebody were to use quotes (or backticks) in some kind of message, using eval would allow them to execute malicious code on purpose or by accident.
I.e., if any backticks are used, you would be able to reboot a server.
@vStone Thanks for your comment. Which eval do you mean? And more importantly: how would you advise me to work around it?
@aswen Sorry about the late reply.
I think it would be this eval $(parse_yaml $lastrunfile $yaml_prefix) line.
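The workaround aswen asks for above, as an added example that is not part of this thread or of the nagios-plugins code: instead of turning the YAML into shell assignments and handing them to eval, look the wanted key up and print its value, so quotes, backticks and $(...) in a catalog version string are returned as plain text and never interpreted. The function names (yaml_get, sample_get, puppet_state) are made up for this example, the last_run_summary.yaml content is constructed, and the parser assumes the two-space indentation and simple key: value mappings Puppet writes in that file.

```shell
#!/bin/sh
# Added example (not nagios-plugins code): read Puppet's last_run_summary.yaml
# without ever passing file content to eval.

# Constructed sample. The config value stands for a catalog version built from
# a commit message and deliberately carries quotes, backticks and $(...), which
# is exactly what breaks, or abuses, an eval-based parser.
SAMPLE_YAML=$(cat <<'EOF'
---
version:
  config: "1523456789 fix 'quoted' msg `touch /tmp/pwned` and $(id)"
  puppet: "5.5.0"
resources:
  changed: 0
  failed: 1
time:
  total: 12.34
EOF
)

# yaml_get FILE DOTTED.KEY
# Prints the scalar stored at DOTTED.KEY (e.g. version.config) with one layer
# of surrounding quotes removed and nothing else interpreted. Returns 1 when
# the key is absent. FILE may be - for stdin. Two-space indentation assumed.
yaml_get() {
    awk -v want="$2" -v sq="'" '
        /^---/ || /^[[:space:]]*$/ || /^[[:space:]]*#/ { next }
        {
            match($0, /^[[:space:]]*/); ind = RLENGTH
            line = substr($0, ind + 1)
            if (line !~ /^[A-Za-z0-9_]+[[:space:]]*:/) next
            key = line; sub(/[[:space:]]*:.*$/, "", key)
            val = line; sub(/^[A-Za-z0-9_]+[[:space:]]*:[[:space:]]*/, "", val)
            depth = int(ind / 2)            # two-space indentation assumed
            path[depth] = key
            full = path[0]
            for (i = 1; i <= depth; i++) full = full "." path[i]
            if (val == "") next             # mapping header; children follow
            # strip one pair of matching outer quotes; the content stays literal
            q = substr(val, 1, 1)
            if ((q == "\"" || q == sq) && length(val) > 1 && substr(val, length(val), 1) == q)
                val = substr(val, 2, length(val) - 2)
            if (full == want) { print val; found = 1; exit }
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Convenience wrapper around the constructed sample.
sample_get() {
    printf '%s\n' "$SAMPLE_YAML" | yaml_get - "$1"
}

# How a check consumes the data: compare a number, never eval a string.
# Prints the Nagios state word and returns the matching exit code.
puppet_state() {
    failed=$(printf '%s\n' "$1" | yaml_get - resources.failed) || failed=0
    if [ "$failed" -gt 0 ]; then echo CRITICAL; return 2; fi
    echo OK
    return 0
}

# Stand-alone demonstration: the hostile value comes back verbatim, unexecuted.
printf 'version.config -> %s\n' "$(sample_get version.config)"
printf 'state          -> %s\n' "$(puppet_state "$SAMPLE_YAML")"
```

The important property is that the catalog version is only ever data in a variable: the check can print it in its status line, but nothing in the script parses it as shell. A value with a missing closing quote, or a key that is not present, simply yields a non-zero return from yaml_get instead of a syntax error from eval.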
Our catalog version uses the last commit message; whenever there is a quote in there, the check borks out with:
1: eval: Syntax error: Unterminated quoted string
We use a custom catalog version string as well. The following change parses the YAML data properly. I can send in a PR if you'd like me to.
@@ -128,8 +128,7 @@ usage () {
parse_yaml () {
local prefix=$2
local s='[[:space:]]*' w='[a-zA-Z0-9_]*' fs=$(echo @|tr @ '\034')
- sed -ne "s|^\($s\):|\1|" \
+ sed -ne "s|\(\ *config:\) \"\([0-9]\{10,\}\).*|\1 \2|" \
+ -e "s|^\($s\):|\1|" \
-e "s|^\($s\)\($w\)$s:$s[\"']\(.*\)[\"']$s\$|\1$fs\2$fs\3|p" \
-e "s|^\($s\)\($w\)$s:$s\(.*\)$s\$|\1$fs\2$fs\3|p" $1 |
awk -F$fs '{
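Review bot: the added rule `s|\(\ *config:\) \"\([0-9]\{10,\}\).*|\1 \2|` only fires for a `config:` line whose quoted value starts with at least ten digits, and it keeps just those digits, so a catalog version string that does not begin with an epoch-style number is left untouched and still reaches eval with its quotes, bringing the "Unterminated quoted string" failure straight back; a value of another key that contains quotes or backticks is not covered at all, so the eval risk discussed earlier in the thread remains. Please anchor the rule with `^` (as the neighbouring `s|^\($s\):|\1|` line does, and using `$s` rather than `\ *` for consistency) and make the quote handling apply to every value rather than one key, or better, stop eval'ing the output altogether and read the `$fs`-separated key/value pairs in a `while IFS=$fs read -r` loop. The diff is also cut off mid-`awk` here, so the emitted assignment format cannot be reviewed from this excerpt.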