From 2a7decbdcb9920a67cef18b326ddd5d294a2cd00 Mon Sep 17 00:00:00 2001
From: Kyrylo Yatsenko <hedrok@gmail.com>
Date: Mon, 23 Jun 2025 13:38:16 +0300
Subject: cli: T6769: check commit arguments

Check usage: `commit [comment COMMENTTEXT]`

Make any other option combination an error and don't
pass other arguments to inner scripts.

Before this commit command `commit` silently accepted any
number of arguments, moreover given
`spam1 comment hi1 spam2 comment hi2 spam3`
parsing script silently ignored first `comment hi1`, has written
`hi2` as comment and passed `spam1 spam2 spam3` to inner script.

There are two options for inner scripts:

/opt/vyatta/sbin/my_commit
    Code in vyatta-cfg/src/cli_bin.cpp$
    argv is used to check script name and passed to doCommit which ignores it

/usr/libexec/vyos/vyconf/bin/vy_commit
    vyos-1x/python/vyos/vyconf_session.py
    In similar way argv is used to determine script name

Both don't use any arguments, so passing and collecting other arguments
seems not needed and confusing
---
 functions/interpreter/vyatta-cfg-run | 30 ++++++++++++++----------------
 1 file changed, 14 insertions(+), 16 deletions(-)

(limited to 'functions')

diff --git a/functions/interpreter/vyatta-cfg-run b/functions/interpreter/vyatta-cfg-run
index b466631..380cfa6 100644
--- a/functions/interpreter/vyatta-cfg-run
+++ b/functions/interpreter/vyatta-cfg-run
@@ -115,29 +115,27 @@ vyatta_config_commit ()
       return 1;
     fi
   fi
-  local comment="commit"
-  local next=0
-  local -a args=()
-  for arg in "$@"; do
-    if [ "$next" == "1" ]; then
-      comment=$arg
-      next=0;
-    elif [ "$arg" == "comment" ]; then
-      next=1
-    elif [ "$arg" == "confirm" ]; then
-      echo Use commit-confirm command
+
+  if [ $# -gt 0 ] ; then
+    if [ $# = 1 ] || [ $# -gt 2 ] || [ "$1" != "comment" ]; then
+      if [ "$1" == "confirm" ]; then
+        echo "Use commit-confirm command"
+        return 1
+      fi
+      echo "Error: commit accepts either no arugments, or optional 'comment'" \
+           "with comment text as second argument."
+      echo -e "\tUsage: 'commit [comment COMMENTTEXT]'"
       return 1;
-    else
-      args[${#args[@]}]="$arg"    
     fi
-  done
+    comment="$2"
+  fi
 
   export COMMIT_COMMENT="$comment"
   export COMMIT_VIA=cli
   if test -f "/var/run/vyconf_backend"; then
-    /usr/libexec/vyos/vyconf/bin/vy_commit "${args[@]}" 2>&1
+    /usr/libexec/vyos/vyconf/bin/vy_commit 2>&1
   else
-    /opt/vyatta/sbin/my_commit "${args[@]}" 2>&1
+    /opt/vyatta/sbin/my_commit 2>&1
   fi
   unset COMMIT_VIA
   unset COMMIT_COMMENT
-- 
cgit v1.2.3