author | Adam Warner <me@adamwarner.co.uk> | 2022-09-25 17:51:09 +0300 |
---|---|---|
committer | Adam Warner <me@adamwarner.co.uk> | 2022-09-25 17:51:09 +0300 |
commit | 9debd221796b5b130994b2d9a2775fa814df40be (patch) | |
tree | 16c8b39a19bd175f915ff2786ebe3184e428f70c | |
parent | b6d1bd7335ac1655b22d528b6006cfecf5071b14 (diff) |
If, after reading /pihole.docker.tag into DOCKER_TAG, it does not match an expected pattern, unset it - this should prevent arbitrary code from being run
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
-rwxr-xr-x | advanced/Scripts/updatecheck.sh | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/advanced/Scripts/updatecheck.sh b/advanced/Scripts/updatecheck.sh index 550a7142..a9d7523e 100755 --- a/advanced/Scripts/updatecheck.sh +++ b/advanced/Scripts/updatecheck.sh @@ -37,8 +37,14 @@ rm -f "/etc/pihole/localversions" VERSION_FILE="/etc/pihole/versions" touch "${VERSION_FILE}" chmod 644 "${VERSION_FILE}" + # if /pihole.docker.tag file exists, we will use it's value later in this script -DOCKER_TAG=$(cat file 2>/dev/null) +DOCKER_TAG=$(cat /pihole.docker.tag 2>/dev/null) +regex='^([0-9]+\.){1,2}(\*|[0-9]+)(-.*)?$|(^nightly$)|(^dev.*$)' +if [[ ! "${DOCKER_TAG}" =~ $regex ]]; then + # DOCKER_TAG does not match the pattern (see https://regex101.com/r/RsENuz/1), so unset it. + unset DOCKER_TAG +fi if [[ "$2" == "remote" ]]; then |
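Review bot: The two open-ended parts of `regex`, `(-.*)?` and `(^dev.*$)`, accept any characters after the prefix. A tag file whose content starts with `dev`, or with a version number followed by `-`, therefore passes the check with whatever follows it intact, including whitespace, quotes and shell metacharacters, and DOCKER_TAG stays set. Since the commit message gives preventing code from being run as the goal, restrict those tails to the characters a tag can actually contain, for example `(-[A-Za-z0-9._-]+)?` and `^dev[A-Za-z0-9._-]*$` (the exact character set is an assumption; adjust it to the tag names that are actually published). A short comment beside the regex listing the accepted forms would also be more durable than the regex101 link alone.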