diff options
Diffstat (limited to 'etc/README.md')
| -rw-r--r-- | etc/README.md | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/etc/README.md b/etc/README.md index 908675bf..ef3fd74e 100644 --- a/etc/README.md +++ b/etc/README.md @@ -968,6 +968,14 @@ by setting ``ARG_MIRROR_DNAME_GIT=...``. [//]: # "{{{ 4.7. Bourne shell coding rules" ## 4.7. Bourne shell coding rules +> N.B. Input sanitisation is mandatory whenever input may form part of a parameter name, most usually +when indexing with input as a key into a (pseudo-)hash, e.g. PKG_ZSH_<...input...>; failing to do so +may introduce security vulnerabilities (e.g.: $(arbitrary_command) and ${arbitrary_variable} facilitating +code execution and information disclosure, resp.) +Do not use this code and these coding rules if this is not possible or impractical. + +*(reproduced from [[shrtl](https://github.com/lalbornoz/shrtl/blob/master/README.md)])* + If no rationale is specified for any specific point, the rationale is avoidance of undefined behaviour and/or implicit behaviour contingent on often subtle special cases, both of which are prone to cause hard to debug or even diagnose bugs. |