-rw-r--r--  bin/ax.sh        | 13
-rw-r--r--  man/man1/ax.1df  |  6
2 files changed, 9 insertions, 10 deletions
diff --git a/bin/ax.sh b/bin/ax.sh
index 6ce1e9ea..8098125d 100644
--- a/bin/ax.sh
+++ b/bin/ax.sh
@@ -16,12 +16,7 @@ case $# in
;;
esac
-# Form program
-prog=$(printf '
- BEGIN {
- printf "%s\\n", %s
- }
-' "$form" "$expr")
-
-# Run program
-awk "$prog"
+# Important note: there's little stopping the user from putting a fully-fledged
+# Awk program into the expression; don't use this anywhere that code injection
+# could wreck your life. See manual page ax(1df).
+awk -v form="$form" 'BEGIN{printf form,('"$expr"');exit}'
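Review bot: the parentheses around `"$expr"` in the new one-liner add no protection; the expression is still spliced into the awk program text by the shell, so any awk syntax in it runs as code, exactly as the new comment warns. Two things worth noting in the commit message or manual page: the old program appended `\n` to the format (`printf "%s\\n", %s`) while the new `printf form,(...)` does not, so unless the default form set earlier in the script already ends in a newline the output loses its trailing newline; and passing the format through `-v form="$form"` is a real improvement, since the format no longer sits inside an awk string literal where a double quote would have broken out, though awk will process backslash escapes in `-v` values.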
diff --git a/man/man1/ax.1df b/man/man1/ax.1df
index b3218d37..ffdaabe3 100644
--- a/man/man1/ax.1df
+++ b/man/man1/ax.1df
@@ -1,4 +1,4 @@
-.TH AX 1df "July 2016" "Manual page for ax"
+.TH AX 1df "January 2018" "Manual page for ax"
.SH NAME
.B ax
\- evaluate an awk expression
@@ -11,5 +11,9 @@
evaluates an expression given on the command line with awk(1) and prints its
result using awk's printf, with an optional format specified preceding the
expression.
+.SH SECURITY
+Note that the second argument has no evaluation protection on it. There's very
+little to stop a user putting a fully-fledged awk program in as the second
+argument if they needed to. Don't accept untrusted user input in this argument!
.SH AUTHOR
Tom Ryder <tom@sanctum.geek.nz>
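Review bot: "stop a user putting" should read "stop a user from putting". The SECURITY section would also be clearer if it said why: the second argument is substituted into the awk program source, so it is executed with the privileges of whoever runs ax(1df), whereas the format argument is passed with `-v` and is not interpreted as code. Naming the argument as it appears in the SYNOPSIS rather than "the second argument" would help readers who arrive via the new cross-reference in bin/ax.sh.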