[COMMON] Fix ${!name} bashisms pointed out by checkbashisms. Note this kind of indirections can only be replaced directly in POSIX by commands using eval. Security risks must be evaluated for each context where eval is called. For a safe use, the context must ensure that only a limited number of possible constrainted values are passed to eval. https://mywiki.wooledge.org/Bashism#Parameter_Expansions https://mywiki.wooledge.org/BashFAQ/006#Indirection Issue-ID: OOM-264 Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com> Change-Id: Id27f3ffd1ddb092a9c038d3a45d9e3278720eb62

commit: f3454863133c2979f5091e6881cde3a496b2e12d [log] [tgz]
author: Guillaume Lambert <guillaume.lambert@orange.com> Wed Mar 10 16:09:31 2021 +0100
committer: Krzysztof Opasiak <k.opasiak@samsung.com> Wed May 26 06:55:45 2021 +0000
tree: 65b5d180b3947f9e9b2d0dbae3e683f16939c790
parent: 9970854c6fec9e99bf8c5fd88d2183041a8c9fb7 [diff] [blame]
diff --git a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
index 5b65222..ff1908c 100644
--- a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
+++ b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh

@@ -1,4 +1,5 @@
 #!/bin/bash
+
 set -e
 
 # first arg is `-f` or `--some-option`
@@ -71,7 +72,8 @@
                 authenticator \
         ; do
                 var="CASSANDRA_${yaml^^}"
-                val="${!var}"
+                # eval presents no security issue here because of limited possible values of var
+                eval val=\$$var
                 if [ "$val" ]; then
                         _sed-in-place "$CASSANDRA_CONFIG/cassandra.yaml" \
                                 -r 's/^(# )?('"$yaml"':).*/\2 '"$val"'/'
@@ -80,7 +82,8 @@
 
         for rackdc in dc rack; do
                 var="CASSANDRA_${rackdc^^}"
-                val="${!var}"
+                # eval presents no security issue here because of limited possible values of var
+                eval val=\$$var
                 if [ "$val" ]; then
                         _sed-in-place "$CASSANDRA_CONFIG/cassandra-rackdc.properties" \
                                 -r 's/^('"$rackdc"'=).*/\1 '"$val"'/'
commit	f3454863133c2979f5091e6881cde3a496b2e12d	[log] [tgz]
author	Guillaume Lambert <guillaume.lambert@orange.com>	Wed Mar 10 16:09:31 2021 +0100
committer	Krzysztof Opasiak <k.opasiak@samsung.com>	Wed May 26 06:55:45 2021 +0000
tree	65b5d180b3947f9e9b2d0dbae3e683f16939c790
parent	9970854c6fec9e99bf8c5fd88d2183041a8c9fb7 [diff] [blame]