From 049f1d1434c5e3dc5f1c6a0d57711b33911c3b12 Mon Sep 17 00:00:00 2001
From: Patrick McDermott <patrick.mcdermott@libiquity.com>
Date: Sun, 14 Apr 2019 01:36:13 -0400
Subject: Protect against cmd operands beginning with "-"

---
(limited to 'src/db.sh')

diff --git a/src/db.sh b/src/db.sh
index 4069621..944d701 100644
--- a/src/db.sh
+++ b/src/db.sh
@@ -35,7 +35,7 @@ db_get_srcver()
 	dir="${base_dir}/feeds/${chan}/${dist}/.db"
 	dir="${dir}/$(hash_name "${source}")/${source}"
 	if [ -f "${dir}/srcver" ]; then
-		cat "${dir}/srcver"
+		cat -- "${dir}/srcver"
 	fi
 
 	return 0
@@ -52,7 +52,7 @@ db_set_srcver()
 
 	dir="${base_dir}/feeds/${chan}/${dist}/.db"
 	dir="${dir}/$(hash_name "${source}")/${source}"
-	mkdir -p "${dir}"
+	mkdir -p -- "${dir}"
 	printf '%s\n' "${srcver}" >"${dir}/srcver"
 
 	return 0
@@ -68,9 +68,9 @@ db_del_srcver()
 
 	dir="${base_dir}/feeds/${chan}/${dist}/.db"
 	dir="${dir}/$(hash_name "${source}")/${source}"
-	rm -f "${dir}/srcver"
+	rm -f -- "${dir}/srcver"
 	# Remove ".../.db/<hash>/<source>".
-	rmdir "${dir}"
+	rmdir -- "${dir}"
 	# Try to remove ".../.db/<hash>" and ".../.db".
 	for dir in "${dir%/*}" "${dir%/*/*}"; do
 		try_rmdir "${dir}" || break
@@ -92,7 +92,7 @@ db_get_binver()
 	dir="${base_dir}/feeds/${chan}/${dist}/.db"
 	dir="${dir}/$(hash_name "${source}")/${source}/${arch}_${plat}"
 	if [ -f "${dir}/binver" ]; then
-		cat "${dir}/binver"
+		cat -- "${dir}/binver"
 	fi
 
 	return 0
@@ -111,7 +111,7 @@ db_set_binver()
 
 	dir="${base_dir}/feeds/${chan}/${dist}/.db"
 	dir="${dir}/$(hash_name "${source}")/${source}/${arch}_${plat}"
-	mkdir -p "${dir}"
+	mkdir -p -- "${dir}"
 	printf '%s\n' "${binver}" >"${dir}/binver"
 
 	return 0
@@ -129,9 +129,9 @@ db_del_binver()
 
 	dir="${base_dir}/feeds/${chan}/${dist}/.db"
 	dir="${dir}/$(hash_name "${source}")/${source}/${arch}_${plat}"
-	rm -f "${dir}/binver"
+	rm -f -- "${dir}/binver"
 	# Remove ".../.db/<hash>/<source>/<arch>_<plat>".
-	rmdir "${dir}"
+	rmdir -- "${dir}"
 
 	return 0
 }
@@ -202,7 +202,7 @@ db_get_packages()
 	dir="${base_dir}/pool/$(hash_name "${source}")/${source}/.db"
 	dir="${dir}/${binver}_${arch}_${plat}"
 	if [ -f "${dir}/packages" ]; then
-		cat "${dir}/packages"
+		cat -- "${dir}/packages"
 	fi
 
 	return 0
@@ -222,7 +222,7 @@ db_add_package()
 
 	dir="${base_dir}/pool/$(hash_name "${source}")/${source}/.db"
 	dir="${dir}/${binver}_${arch}_${plat}"
-	mkdir -p "${dir}"
+	mkdir -p -- "${dir}"
 	printf '%s %s %s\n' "${size}" "${sect}" "${pkg}" >>"${dir}/packages"
 
 	return 0
@@ -239,9 +239,9 @@ db_del_packages()
 
 	dir="${base_dir}/pool/$(hash_name "${source}")/${source}/.db"
 	dir="${dir}/${binver}_${arch}_${plat}"
-	rm -f "${dir}/packages"
+	rm -f -- "${dir}/packages"
 	# Remove "pool/<hash>/<source>/.db/<binver>_<arch>_<plat>".
-	rmdir "${dir}"
+	rmdir -- "${dir}"
 	# Try to remove "pool/<hash>/<source>/.db".
 	try_rmdir "${dir%/*}" || :
 
@@ -261,11 +261,11 @@ db_inc_references()
 	dir="${base_dir}/pool/$(hash_name "${source}")/${source}/.db"
 	dir="${dir}/${binver}_${arch}_${plat}"
 	if [ -f "${dir}/references" ]; then
-		refs="$(cat "${dir}/references")"
+		refs="$(cat -- "${dir}/references")"
 		refs=$((${refs} + 1))
 	else
 		refs=1
-		mkdir -p "${dir}"
+		mkdir -p -- "${dir}"
 	fi
 	printf '%d\n' "${refs}" >"${dir}/references"
 	printf '%d\n' "${refs}"
@@ -292,7 +292,7 @@ db_dec_references()
 		refs=0
 	fi
 	if [ ${refs} -eq 0 ]; then
-		rm -f "${dir}/references"
+		rm -f -- "${dir}/references"
 	else
 		printf '%d\n' "${refs}" >"${dir}/references"
 	fi
--
cgit v0.9.1