From 575858a3709d03b6348add5721cd02e320b424bf Mon Sep 17 00:00:00 2001
From: Patrick McDermott
Date: Wed, 13 Mar 2019 18:50:33 -0400
Subject: Protect against cmd operands beginning with "-"
---
diff --git a/TODO b/TODO
index f868293..b001674 100644
--- a/TODO
+++ b/TODO
@@ -5,8 +5,6 @@ General Cleanup
 ---------------
 * General code auditing and cleanup:
- - Protect against command operands beginning with "-", e.g.:
- * `mkdir -p -- "${foo}"` instead of `mkdir -p "${foo}"`
 - Add more error handling.
 * Write manual pages for functions and utilities.
 * Change/update option letters for `ob_parse_dep()`.
diff --git a/lib/changelog.sh b/lib/changelog.sh
index 606282e..00e8332 100644
--- a/lib/changelog.sh
+++ b/lib/changelog.sh
@@ -184,7 +184,7 @@ ob_parse_changelog()
 ;;
 esac
 done <<-EOF
- $(cat "${file}")
+ $(cat -- "${file}")
 EOF
 if [ x"${expect}" != x'next_or_eof' ]; then
diff --git a/lib/control.sh b/lib/control.sh
index 6e199de..7b2d57d 100644
--- a/lib/control.sh
+++ b/lib/control.sh
@@ -151,7 +151,7 @@ ob_parse_control()
 ;;
 esac
 done <<-EOF
- $(cat "${file}")
+ $(cat -- "${file}")
 EOF
 if [ -n "${name}" ]; then
diff --git a/lib/metadata/proteanos.sh b/lib/metadata/proteanos.sh
index 6368668..2519433 100644
--- a/lib/metadata/proteanos.sh
+++ b/lib/metadata/proteanos.sh
@@ -104,14 +104,14 @@ _ob_get_distrev()
 _ob_get_system_arch()
 {
- cat "${SYSCONFDIR}/proteanos_arch" 2>/dev/null || return 1
+ cat -- "${SYSCONFDIR}/proteanos_arch" 2>/dev/null || return 1
 return 0
 }
 _ob_get_system_plat()
 {
- cat "${SYSCONFDIR}/proteanos_plat" 2>/dev/null || return 1
+ cat -- "${SYSCONFDIR}/proteanos_plat" 2>/dev/null || return 1
 return 0
 }
diff --git a/lib/package.sh b/lib/package.sh
index 0ade56a..d66d596 100644
--- a/lib/package.sh
+++ b/lib/package.sh
@@ -28,10 +28,10 @@ ob_init_package()
 local dir="${1}"
 shift 1 || _ob_abort
- _OB_PACKAGE_DIR="$(cd "${dir}" && pwd)"
+ _OB_PACKAGE_DIR="$(cd -- "${dir}" && pwd)"
 if [ -r "${_OB_PACKAGE_DIR}/format" ]; then
- case "$(cat "${_OB_PACKAGE_DIR}/format")" in
+ case "$(cat -- "${_OB_PACKAGE_DIR}/format")" in
 2.0)
 _OB_PACKAGE_FORMAT='2'
 ;;
diff --git a/lib/package/2.sh b/lib/package/2.sh
index 3e362f4..345eac3 100644
--- a/lib/package/2.sh
+++ b/lib/package/2.sh
@@ -139,7 +139,7 @@ _ob_get_doc_files_2()
 ../changelog changelog.dist
 ../README README.dist
 EOF
- cat "${_OB_PACKAGE_DIR}/${doc_pkg}.pkg/docs"
+ cat -- "${_OB_PACKAGE_DIR}/${doc_pkg}.pkg/docs"
 return 0
 }
diff --git a/src/ob-buildopk.sh b/src/ob-buildopk.sh
index cfe7585..185cc20 100644
--- a/src/ob-buildopk.sh
+++ b/src/ob-buildopk.sh
@@ -28,8 +28,8 @@ build_opk()
 arch="${3}"
 plat="${4}"
- (cd "${binary}.data" && tar -czf '../data.tar.gz' '.')
- (cd "${binary}.control" && tar -czf '../control.tar.gz' '.')
+ (cd -- "${binary}.data" && tar -czf '../data.tar.gz' '.')
+ (cd -- "${binary}.control" && tar -czf '../control.tar.gz' '.')
 tar -czf "../../${binary}_${version}_${arch}_${plat}.opk" \
 'debian-binary' 'data.tar.gz' 'control.tar.gz'
diff --git a/src/ob-gencontrol.sh b/src/ob-gencontrol.sh
index 434e491..94c2471 100644
--- a/src/ob-gencontrol.sh
+++ b/src/ob-gencontrol.sh
@@ -58,7 +58,7 @@ gen_control()
 # patch opkg and submit a bug report.
 inst_size=$((($inst_size + 1023) / 1024))
- mkdir -p "${binary}.control"
+ mkdir -p -- "${binary}.control"
 cat >"${binary}.control/control" <<-EOF
 Package: ${binary}
@@ -121,7 +121,7 @@ install_maintainer_scripts()
 if [ -L "../${binary}.pkg/${script}" ]; then
 target="$(ls -l "../${binary}.pkg/${script}")"
 target="${target#* -> }"
- ln -s "${target}" "${binary}.control/${script}"
+ ln -s -- "${target}" "${binary}.control/${script}"
 elif [ -r "../${binary}.pkg/${script}" ]; then
 cp "../${binary}.pkg/${script}" "${binary}.control/${script}"
 chmod 755 "${binary}.control/${script}"
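Review bot: In ob_init_package, `cd -- "${dir}"` still treats an operand of exactly `-` as `$OLDPWD`, and a `CDPATH` inherited from the environment can make a relative `dir` resolve elsewhere and print that path into the captured value, so `--` alone does not make this substitution safe. The result is also unchecked in the visible lines: if `cd` fails, `_OB_PACKAGE_DIR` is empty and the following test reads `/format`. I would write `_OB_PACKAGE_DIR="$(CDPATH= cd -- "${dir}" && pwd)" || return 1`, or use the file's own abort helper in place of `return 1`. The function body continues past the hunk, so `dir` may already be validated elsewhere.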
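Review bot: In build_opk the exit status of both `(cd -- … && tar -czf …)` subshells is discarded, so unless `set -e` is in effect outside the hunk, a failed `cd` or `tar` still lets the final `tar` assemble the `.opk` from a missing or leftover `data.tar.gz` or `control.tar.gz`. Appending `|| return 1` to each subshell line, e.g. `(cd -- "${binary}.data" && tar -czf '../data.tar.gz' '.') || return 1`, would stop a package from being built from stale parts. The function starts and ends outside the hunk.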
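Review bot: The `cp` and `chmod 755` in the `elif` branch of install_maintainer_scripts still take `"${binary}.control/${script}"` as a bare operand, although this commit guards the same `${binary}`-prefixed path for `mkdir` and `ln`. For consistency I would change them to `cp -- "../${binary}.pkg/${script}" "${binary}.control/${script}"` and `chmod -- 755 "${binary}.control/${script}"`. The same gap remains for `head -n 1` and `chmod 644` in the gen_conffiles and gen_md5sums hunks of this file.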
@@ -139,7 +139,7 @@ gen_conffiles()
 find "${binary}.data/etc" -type f | sed "s@^${binary}.data@@" \
 >"${binary}.control/conffiles"
 if [ -z "$(head -n 1 "${binary}.control/conffiles")" ]; then
- rm -f "${binary}.control/conffiles"
+ rm -f -- "${binary}.control/conffiles"
 else
 chmod 644 "${binary}.control/conffiles"
 fi
@@ -156,7 +156,7 @@ gen_md5sums()
 sed "s@ ${binary}.data@ @" \
 >"${binary}.control/md5sums"
 if [ -z "$(head -n 1 "${binary}.control/md5sums")" ]; then
- rm -f "${binary}.control/md5sums"
+ rm -f -- "${binary}.control/md5sums"
 else
 chmod 644 "${binary}.control/md5sums"
 fi
diff --git a/src/ob-installdocs.sh b/src/ob-installdocs.sh
index e594610..0b3a342 100644
--- a/src/ob-installdocs.sh
+++ b/src/ob-installdocs.sh
@@ -29,22 +29,22 @@ install_docs()
 for src in ${srcs}; do
 if [ -f "${src}" ]; then
- if ! mkdir -p "$(dirname "${data_doc_dir}/${dest}")"
+ if ! mkdir -p -- "$(dirname -- "${data_doc_dir}/${dest}")"
 then
 ob_error "$(ob_get_msg 'cant_make_doc_dir')"
 return 1
 fi
- if ! cp -R "${src}" "${data_doc_dir}/${dest}"; then
+ if ! cp -R -- "${src}" "${data_doc_dir}/${dest}"; then
 ob_error "$(ob_get_msg 'cant_cp_doc_file')" "${src}"
 return 1
 fi
 elif [ -d "${src}" ]; then
- if ! mkdir -p "$(dirname "${data_doc_dir}/${dest}")"
+ if ! mkdir -p -- "$(dirname -- "${data_doc_dir}/${dest}")"
 then
 ob_error "$(ob_get_msg 'cant_make_doc_dir')"
 return 1
 fi
- if ! cp -R "${src}/." "${data_doc_dir}/${dest}"; then
+ if ! cp -R -- "${src}/." "${data_doc_dir}/${dest}"; then
 ob_error "$(ob_get_msg 'cant_cp_doc_file')" "${src}"
 return 1
 fi
@@ -80,7 +80,7 @@ main()
 ob_info "$(ob_get_msg 'docs_already_installed')" "${pkg}"
 else
 ob_info "$(ob_get_msg 'installing_docs')" "${pkg}"
- if ! mkdir -p "${data_doc_dir}"; then
+ if ! mkdir -p -- "${data_doc_dir}"; then
 ob_error "$(ob_get_msg 'cant_make_doc_dir')"
 return 1
 fi
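Review bot: `find "${binary}.data/etc"` in gen_conffiles is left as it was, and `--` would not help there, because `find` takes its start path before the expression and reads a leading `-` as the start of that expression. If `${binary}` is treated as possibly dash-leading, as the `rm -f --` change in this hunk implies, the start path needs a `./` prefix and the `sed` expression must strip it again: `find "./${binary}.data/etc" -type f | sed "s@^\./${binary}.data@@" \`. The `find` that feeds gen_md5sums lies outside its hunk and may need the same treatment.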
@@ -97,11 +97,11 @@ main()
 ob_info "$(ob_get_msg 'docs_already_linked')" "${pkg}"
 else
 ob_info "$(ob_get_msg 'linking_docs')" "${pkg}"
- if ! mkdir -p "${data_doc_dir%/*}"; then
+ if ! mkdir -p -- "${data_doc_dir%/*}"; then
 ob_error "$(ob_get_msg 'cant_make_doc_dir')"
 return 1
 fi
- if ! ln -s "${doc_pkg_doc_dir}" \
+ if ! ln -s -- "${doc_pkg_doc_dir}" \
 "${data_doc_dir}"; then
 ob_error "$(ob_get_msg 'cant_ln_doc_dir')"
 return 1
diff --git a/src/ob-installplatconf.sh b/src/ob-installplatconf.sh
index d980ff8..1ee90cd 100644
--- a/src/ob-installplatconf.sh
+++ b/src/ob-installplatconf.sh
@@ -37,8 +37,8 @@ copy_config()
 fi
 # Make sure the destination directory exists.
- dir="(dirname "${dest_base}/${dest}")"
- if ! mkdir -p "${dir}"; then
+ dir="$(dirname -- "${dest_base}/${dest}")"
+ if ! mkdir -p -- "${dir}"; then
 ob_error "$(ob_get_msg 'cant_make_config_dest_dir')" \
 "${dir}"
 return 1
@@ -64,7 +64,7 @@ copy_config()
 # Copy the config file(s).
 ob_info "$(ob_get_msg 'copying_config_file')" "${src}" "${dest}"
- if ! cp -p "${src_base}/${src}" "${dest_base}/${dest}"; then
+ if ! cp -p -- "${src_base}/${src}" "${dest_base}/${dest}"; then
 ob_error "$(ob_get_msg 'cant_copy_config_file')"
 return 1
 fi
diff --git a/src/ob-unpacksource.sh b/src/ob-unpacksource.sh
index 98b2da1..0716257 100644
--- a/src/ob-unpacksource.sh
+++ b/src/ob-unpacksource.sh
@@ -114,7 +114,7 @@ extract_upstream()
 ob_error "$(ob_get_msg 'cant_unpack_upstream')"
 return 1
 fi
- if ! mv "${upstream_ar_dir}" 'src'; then
+ if ! mv -- "${upstream_ar_dir}" 'src'; then
 ob_error "$(ob_get_msg 'cant_move_native')"
 return 1
 fi
diff --git a/src/opkbuild.sh b/src/opkbuild.sh
index 7392317..4c96098 100644
--- a/src/opkbuild.sh
+++ b/src/opkbuild.sh
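Review bot: The first copy_config hunk also repairs a functional bug that the subject line does not mention: the old `dir="(dirname "${dest_base}/${dest}")"` lacked the `$`, so `dir` held the literal text `(dirname …)` and `mkdir -p` created directories from that string rather than the destination's parent. I would record this in the commit message, e.g. `Also fix the missing "$" in copy_config()'s dirname substitution`, or split it into its own commit so it can be backported separately. Trees produced by the old code may contain stray directories whose names begin with `(dirname `, which is worth checking wherever a build tree is reused.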
@@ -245,7 +245,7 @@ build_source()
 src_pkg_data_base="src-${src}.data$(ob_get_system_path 'package-source' \
 "${src}" "${ver}")"
- if ! "${opt_uid0_cmd}" -- mkdir -p "${src_pkg_data_base}"; then
+ if ! "${opt_uid0_cmd}" -- mkdir -p -- "${src_pkg_data_base}"; then
 ob_error "$(ob_get_msg 'cant_make_src_pkg_dir')"
 return 1
 fi
@@ -255,7 +255,7 @@ build_source()
 ../tmp)
 ;;
 ../*)
- if ! "${opt_uid0_cmd}" -- cp -Rp "${file}" \
+ if ! "${opt_uid0_cmd}" -- cp -Rp -- "${file}" \
 "${src_pkg_data_base}"; then
 ob_error "$(ob_get_msg 'cant_install_src_pkg_file')"
 return 1
@@ -348,12 +348,13 @@ build()
 return 1
 ;;
 'install'|'install-'*)
- if ! ${opt_uid0_cmd} -- ../build "${opt_target}"; then
+ if ! ${opt_uid0_cmd} -- ../build -- "${opt_target}"
+ then
 return 1
 fi
 ;;
 *)
- if ! ../build "${opt_target}"; then
+ if ! ../build -- "${opt_target}"; then
 return 1
 fi
 ;;
--
cgit v0.9.1
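Review bot: In build(), `../build -- "${opt_target}"` now passes `--` as the first argument to what appears to be the package's own build program, which only works if every such program parses options and accepts `--`; one that reads its target from `$1` would receive `--` instead. If that contract is intended, a comment above these calls should state it, e.g. `# ../build must accept "--" before the target`. The `install` arm also still expands `${opt_uid0_cmd}` unquoted, while both build_source hunks use `"${opt_uid0_cmd}"`. One of the two forms is wrong, depending on whether the option may carry arguments; if it is a single word, the line should read `if ! "${opt_uid0_cmd}" -- ../build -- "${opt_target}"`.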