diff options
| -rwxr-xr-x | debian/rules | 2 | ||||
| -rw-r--r-- | src/validate_value.ml | 19 |
2 files changed, 15 insertions, 6 deletions
diff --git a/debian/rules b/debian/rules index b3ff1c6..e3462af 100755 --- a/debian/rules +++ b/debian/rules @@ -9,7 +9,7 @@ override_dh_auto_build: eval `opam env` mkdir -p _build ocamlfind ocamlopt -o _build/numeric -package num -linkpkg src/numeric.ml - ocamlfind ocamlopt -o _build/validate-value -package pcre,unix -linkpkg src/validate_value.ml + ocamlfind ocamlopt -o _build/validate-value -package pcre,unix,containers -linkpkg src/validate_value.ml override_dh_auto_install: mkdir -p $(DIR)/usr/libexec/vyos/validators diff --git a/src/validate_value.ml b/src/validate_value.ml index 250f9f1..02cd15a 100644 --- a/src/validate_value.ml +++ b/src/validate_value.ml @@ -1,23 +1,27 @@ type check = Regex of string | Exec of string -let validate_value value_constraint value = +let validate_value buf value_constraint value = match value_constraint with | Regex s -> (try let _ = Pcre.exec ~pat:s value in true with Not_found -> false) | Exec c -> - (* XXX: Using Unix.system is a bad idea on multiple levels, + (* XXX: Unix.open_process_in is "shelling out", which is a bad idea on multiple levels, especially when the input comes directly from the user... We should do something about it. *) - let result = Unix.system (Printf.sprintf "%s \'%s\'" c value) in + let chan = Unix.open_process_in (Printf.sprintf "%s \'%s\' 2>&1" c value) in + let out = try CCIO.read_all chan with _ -> "" in + let result = Unix.close_process_in chan in match result with | Unix.WEXITED 0 -> true | Unix.WEXITED 127 -> let () = Printf.printf "Could not execute validator %s" c in false - | _ -> false + | _ -> + let () = Buffer.add_string buf out; Buffer.add_string buf "\n" in + false let value = ref "" @@ -33,10 +37,15 @@ let usage = Printf.sprintf "Usage: %s [OPTIONS] <number>" Sys.argv.(0) let () = Arg.parse args (fun _ -> ()) usage let _ = + let buf = Buffer.create 4096 in let value = !value in let checks = !checks in match checks with | [] -> exit 0 | _ -> - List.iter (fun c -> if (validate_value c value) then exit 0 else ()) checks; + List.iter (fun c -> if (validate_value buf c value) then exit 0 else ()) checks; + (* If we got this far, value validation failed. + Show the user output from the validators. + *) + Buffer.contents buf |> print_endline; exit 1 |