Hi all, sorry for responding this extremely late - one day, I'll get the hang of this email thing; this somehow completely slipped through the cracks.
One of the completely underdocumented things is that path expressions are actually typed, and evaluating them can produce values of a number of types (enum type in pathx.c:60). When you say 'match /some/thing', Augeas simply evaluates the path expression, and afterwards the match command insists that the result of evaluating is a nodeset (T_NODESET).

Playing with this in augtool is made a little harder by augtool doing its own quoting, but if you type 'match 2+2' or 'match "'foo'"' augtool will complain with "Invalid path expression: type error" because those two path expressions evaluate to a number and a string respectively, not a nodeset.

The upside is that when you do defvar you can set a variable not just to a nodeset, but also to a string - again, in augtool, you need to take some care to get quoting right; for example doing 'defvar x "'foo'"' will set x to the string 'foo', and not the nodeset matching 'foo'. That way, you can get the effect of a 'defconst' by setting a variable to a string.

You can also follow Dom's suggestion of using a path expression like /some/path/*[label() = ' strange string with stuff '] or of course /some/path/*[label() = $x].

So Richard's example will work with a minor tweak, namely that you need to say 'defvar username "'root'"' in augtool.

Note that if you use a path like this, call aug_match, and then call aug_get on each of the returned matches, you can still get errors because the paths that aug_match returns can still be invalid - augtool trips over that since calling 'match' in augtool first calls aug_match and then aug_get for each of the paths that aug_match returned.

To make up for the extremely slow response, I opened a pull request that hopefully addresses all this: https://github.com/hercules-team/augeas/pull/198

I'd highly appreciate review(s) of these patches as they root around in some Augeas internals that shouldn't be disturbed ;)

David

On Wed, Dec 10, 2014 at 5:21 AM, Richard W.M. Jones <[email protected]> wrote:

> On Wed, Dec 10, 2014 at 12:38:55PM +0000, Dominic Cleal wrote:
> > Here's another idea:
> >
> > get /files/sys/class/net/*[label()='em1']/address/content
> >
> > Instead of putting the unsanitised content directly into the path, you
> > put it into the quoted string, which significantly reduces the amount of
> > escaping required.
> >
> > To escape safely in that string, you'd double any slashes (as there are
> > some escape codes) and remove any single quotes (it appears to me that
> > escaping quotes doesn't work).
> >
> > I agree about the direction of an aug_defconst or aug_escape though, the
> > API should be able to help more with unsanitised data.
>
> I'm having a hard time making variables work at all.
>
> For example, is the second set of commands below supposed to work?
>
> augtool> get /files/etc/passwd/*[label()='root']/uid
> /files/etc/passwd/*[label()='root']/uid = 0
>
> augtool> defvar username root
> augtool> get /files/etc/passwd/*[label()=$username]/uid
> /files/etc/passwd/*[label()=$username]/uid (o)
> augtool> get /files/etc/passwd/*[label()='$username']/uid
> /files/etc/passwd/*[label()='$username']/uid (o)
> augtool> get /files/etc/passwd/*[label()=username]/uid
> /files/etc/passwd/*[label()=username]/uid (o)
>
> _If_ that worked, then implementing aug_defconst would allow us to
> sanitize user input quite cleanly.
>
> Rich.
>
> --
> Richard Jones, Virtualization Group, Red Hat
> http://people.redhat.com/~rjones
> Read my programming and virtualization blog: http://rwmj.wordpress.com
> virt-df lists disk usage of guests without needing to install any
> software inside the virtual machine. Supports Linux and Windows.
> http://people.redhat.com/~rjones/virt-df/
>
> _______________________________________________
> augeas-devel mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/augeas-devel
>
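The approach discussed in this message (bind the untrusted value to a string-typed variable and reference it as $username, rather than splicing it into the path), as an added example that is not part of the original e-mail or of Augeas. quote_literal is a hypothetical helper, the sample inputs are constructed, and rejecting backslashes and control characters is a conservative assumption of the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not part of libaugeas: wrap an untrusted value in a
 * single-quoted path-expression string literal, the form used in the
 * message's  defvar username "'root'"  example.
 * Returns 0 on success, -1 if the value is rejected or out is too small. */
int quote_literal(const char *value, char *out, size_t outlen)
{
    size_t n = strlen(value);

    /* A single quote would end the literal early, and the thread reports
     * that escaping quotes does not work, so reject instead of escaping.
     * Rejecting backslashes and control characters is an extra,
     * conservative assumption of this example. */
    if (strpbrk(value, "'\\") != NULL)
        return -1;
    for (size_t i = 0; i < n; i++)
        if ((unsigned char)value[i] < 0x20 || value[i] == 0x7f)
            return -1;
    if (n + 3 > outlen)              /* two quotes plus the terminating NUL */
        return -1;
    snprintf(out, outlen, "'%s'", value);
    return 0;
}

int main(void)
{
    /* Constructed inputs: one ordinary name, one that tries to break out. */
    const char *inputs[] = { "root", "root' or '1'='1" };
    /* The path is a constant; untrusted bytes only ever reach the variable. */
    const char *path = "/files/etc/passwd/*[label()=$username]/uid";
    char expr[256];

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        if (quote_literal(inputs[i], expr, sizeof expr) != 0) {
            printf("rejected: %s\n", inputs[i]);
            continue;
        }
        /* With libaugeas, expr would be the third argument of
         * aug_defvar(aug, "username", expr), followed by
         * aug_match(aug, path, &matches). */
        printf("variable expression: %s\npath: %s\n", expr, path);
    }
    return 0;
}
```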
