On 05/12/14 18:02, Laine Stump wrote: > I want to sanitize the path sent to aug_get(aug, path, &result) (and > probably other functions, and it's not clear to me what characters are > considered "special", nor how to escape them in the string. An example > of this, let's say I want to know the mac address of a user-supplied > network interface, so I do this: > > sprintf(&path, "/files/sys/class/net/%s/address/content", intf) > > r = aug_match(aug, path, &mac); > > If the interface name contains special characters interpreted by > aug_match's "xpath-like" parser, then I won't necessarily get back the > results I expected. > [snip] > One person suggested creating an augeas variable whose value was the > contents of intf, then referencing that variable in the path sent to > aug_match(); unfortunately, having a path string like this: > > /files/sys/class/net/$interface/address/content > > seems to never work. For that matter, defining a variable that contains > the entire path, then calling aug_get(aug, "$interface", &mac) doesn't > even do what I want - variable substitution does work when the *entire > path string* is "$variableName", but the xpath-like evaluation still > takes place, so the special characters are still interpreted and acted on.
Here's another idea: get /files/sys/class/net/*[label()='em1']/address/content Instead of putting the unsanitised content directly into the path, you put it into the quoted string, which significantly reduces the amount of escaping required. To escape safely in that string, you'd double any slashes (as there are some escape codes) and remove any single quotes (it appears to me that escaping quotes doesn't work). I agree about the direction of an aug_defconst or aug_escape though, the API should be able to help more with unsanitised data. -- Dominic Cleal Red Hat Engineering _______________________________________________ augeas-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/augeas-devel
