• 7 Posts
  • 379 Comments
Joined 1 year ago
cake
Cake day: June 30th, 2023

help-circle
  • No, you’re still misunderstanding what’s being done. ${server_service} is an injected string, the string is the whole contents of the file. That file is not stored locally on the server, except through being injected here(by a terraform file template). And no, printf won’t be any better than echo because its not format string, and I don’t want any formatting from printf applied to it.


  • I’m reading this and interpreting that line 27 of that script is

    And your interpretation is wrong. Line 27 is actuallly

    sudo echo "${server_service}" > /lib/systemd/system/server.service

    ${server_service} is read from the file I posted in the 2nd image. Since it was a test script I hadn’t bothered implementing any escaping tools, I wanted to make sure terraform allowed this first.





  • No, because neither of those are the inputs. The input was the systemd file in the image. The whole command was not printed in the error, only surrounding context. The single-quote was indicating the ending of that context(because it was the end of the line) printed by the error.

    The same thing was done with `)' on the first line of error



  • Sadly no, its injected with terraform templatefile, I already looked for a normal way to autoescape it, but from a brief look I couldn’t find one. I know there is a replace function that can take regex(RE2, which from my understanding prohibits * in lookbehinds)- but the simplest regex I could think of at nearly 6am for capturing only non-escaped quotes is /(?:^|[^\\])(?:(?:\\\\)+|[^\\]|^)(?'quote'")/gm. Though, I just realized if the quotes are escaped I would want to double escape them, so actually replacing all quotes with escaped quotes should be fine, also another limitation of this method is lines can’t have trailing \