From nobody Mon May 18 17:52:34 2026
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gK5430Nk8z6fk9D
	for <dev-commits-src-all@mlmmj.nyi.freebsd.org>; Mon, 18 May 2026 17:52:35 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (not verified))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4gK5426vp4z49Xw
	for <dev-commits-src-all@FreeBSD.org>; Mon, 18 May 2026 17:52:34 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1779126755;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=kPt7PSOMZp1hFau17tgZZAgJ+wehKb95SGQ81FkjnLs=;
	b=bATsgjgG6DO8KkHgDdejGyMHABAOecMG6C+yE0j1Ywwb3OcJXRv3GLG6/hF2tllYaM0MiV
	Oa0f0y/vD6egtyi62CJ4kIHHjirsGd3/by4fQpxlB+yfb1V4pLp+HMXy+Uoj7THE4oYBeh
	/SqPjtTSqAdxXTxsinWGMrwrcTUquiPhFDapQviSSj3a0nik9NAmFQ6Ld9iuMGGSRgpjxR
	YrS62v/umUCsPWUgqmHqxNlSQi5E9NEez5R1M2TrOJsRAjo0qBEl3UEO5CNS/ZONW0XQDD
	qVZIGH9pDYfTO4nE9eiE6jw/ZPBowREAgmu3FScIBQNCGKdZRA1d7E1QRJCBpw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1779126755; a=rsa-sha256; cv=none;
	b=On8I3yhZdA4siRALu7txOXlf2O+vaTNLKdnhM8LWlLM07kqd9JvLvMspwNWuC+jb+1QeQq
	/n8dQQ8f022kuNRBvE21tWNB8Q/bi5StixrvCfZMJzcFdW9Q5/WXMd61+e8XvoajHHuDEZ
	fFLtuzoODAVohZUI9NOycKvZQ6fvnNtcffpRswEcZ9EAsa7qb9wcFpPtx84lGEgT/bGos/
	rTogonF2zP00O+fKGtnRtESSoN2oyalcav0UYMUMyyzx+XoTn+eQptExGASSe2RcG3mDQc
	Fn2SycM3igGmEHTmTN34Lzvcj1GIRqXtLLZJ6NJDu5wq10/4KVWkDmoTB78Pkw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1779126755;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=kPt7PSOMZp1hFau17tgZZAgJ+wehKb95SGQ81FkjnLs=;
	b=ZwjRHcEyMogI5RDw+x9Q78K8assUT+T46ejC0LANfFPXgDI8tyu4LuoAU77DZ04SlaKdiS
	q03ghQ2CzyMuUZIEJ5D/94nh1Osscd/SaUQM3cKXfDtbuHoVmImlH/1JctK7SIpuUFiDSz
	5LFFfB8/BvPFAewoD3qrUAlJT9BDx4hh0KH/HP4Z3tgsirdnmXBJq/nWY3j6rGu38aZgdr
	dtTmUZ00QShZlVDgBcvU25NIOLp7TaMhOGHw5bENBfVjpYw+/AaYe8PNtyh53y3iTL8t+O
	VxZcCMyr3/68KNv1jZSUM5vLlig1TTNjCUsq2PaOUSSBFArNic6BgTh+rQKtbg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4gK542684VzfYv
	for <dev-commits-src-all@FreeBSD.org>; Mon, 18 May 2026 17:52:34 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from git (uid 1279)
	(envelope-from git@FreeBSD.org)
	id 231c2
	by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org);
	Mon, 18 May 2026 17:52:34 +0000
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Simon J. Gerraty <sjg@FreeBSD.org>
Subject: git: 701d7be6e4a9 - main - Add test cases for safe_eval.sh
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
List-Id: <dev-commits-src-all.FreeBSD.org>
List-Post: <mailto:dev-commits-src-all@FreeBSD.org>
List-Help: <mailto:dev-commits-src-all+help@FreeBSD.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@FreeBSD.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@FreeBSD.org>
List-Owner: <mailto:postmaster@FreeBSD.org>
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: sjg
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 701d7be6e4a9a145700fdee5c038470b355a0e05
Auto-Submitted: auto-generated
Date: Mon, 18 May 2026 17:52:34 +0000
Message-Id: <6a0b51e2.231c2.48fde819@gitrepo.freebsd.org>

The branch main has been updated by sjg:

URL: https://cgit.FreeBSD.org/src/commit/?id=701d7be6e4a9a145700fdee5c038470b355a0e05

commit 701d7be6e4a9a145700fdee5c038470b355a0e05
Author:     Simon J. Gerraty <sjg@FreeBSD.org>
AuthorDate: 2026-05-18 17:51:18 +0000
Commit:     Simon J. Gerraty <sjg@FreeBSD.org>
CommitDate: 2026-05-18 17:51:18 +0000

    Add test cases for safe_eval.sh
    
    safe_set is the routine that does all the work.
    
    In safe_set; if we replace one=`cmd arg` or two=$(cmd arg) add quotes
    around the result eg. one="_cmd arg_"
    Also lines containing `` or $() are too likely to result in syntax
    errors, so just delete them.
    
    Differential Revision:  https://reviews.freebsd.org/D56795
---
 libexec/rc/safe_eval.sh            |  7 +++-
 libexec/rc/tests/Makefile          |  8 ++++-
 libexec/rc/tests/safe_eval_test.sh | 65 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 78 insertions(+), 2 deletions(-)

diff --git a/libexec/rc/safe_eval.sh b/libexec/rc/safe_eval.sh
index 3b3241ae821d..eb1698472624 100644
--- a/libexec/rc/safe_eval.sh
+++ b/libexec/rc/safe_eval.sh
@@ -28,11 +28,16 @@ fi
 # return a safe variable setting
 # any non-alphanumeric chars other than those in "xtras"
 # will be replaced with '_'
+# Lines containing `` or $() are too likely to result in syntax errors
+# so just delete them.
 #
 # "xtras" should be used with caution and cannot include ';'
 # 
 safe_set() {
-    ${SED:-sed} 's/^[ 	]*//;s/[ 	]*#.*//;s/^:.*//;/^[A-Za-z_][A-Za-z0-9_]*=/!d;s;[^A-Za-z0-9_. 	"'"$1"'$,/=:+-];_;g'
+    ${SED:-sed} -e 's/^[ 	]*//;s/[ 	]*#.*//;s/^:.*//' \
+    -e '/`/d' -e '/\$(/d' \
+    -e '/^[A-Za-z_][A-Za-z0-9_]*=/!d;s;[^A-Za-z0-9_. 	"'"$1"'$,/=:+-];_;g;' \
+    -e '/=.*_.*[ 	]/s,=\(.*\),="\1",;s,"",",g'
 }
 
 ##
diff --git a/libexec/rc/tests/Makefile b/libexec/rc/tests/Makefile
index c44c6db90b77..3a6eafea292d 100644
--- a/libexec/rc/tests/Makefile
+++ b/libexec/rc/tests/Makefile
@@ -1,3 +1,9 @@
-ATF_TESTS_SH+=  rc_subr_test
+ATF_TESTS_SH+=  rc_subr_test safe_eval_test
+
+# allow running this as part of the build - in DIRDEPS_BUILD at least
+.if ${.MAKE.LEVEL} > 0 && ${MACHINE:Nhost*} == ""
+SAFE_EVAL:= ${_PARSEDIR:U${.PARSEDIR:tA}:H}/safe_eval.sh
+.export SAFE_EVAL
+.endif
 
 .include <bsd.test.mk>
diff --git a/libexec/rc/tests/safe_eval_test.sh b/libexec/rc/tests/safe_eval_test.sh
new file mode 100644
index 000000000000..a0f3a2784098
--- /dev/null
+++ b/libexec/rc/tests/safe_eval_test.sh
@@ -0,0 +1,65 @@
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright 2026 Simon J Gerraty
+#
+
+atf_test_case safe_set_reject
+safe_set_reject_head()
+{
+	atf_set "descr" "Verify that safe_set rejects shell meta chars"
+}
+
+safe_set_reject_body()
+{
+	__name="$(atf_get ident)"
+	__input=$(mktemp -t "${__name}.input")
+
+	cat <<'EOF' > "$__input"
+: ignore=this
+# ignore this too
+# avoid # in the middle of a quoted value like:
+# oops="this # will cause synatx error"
+quoted="this and that"
+simple=ok          # trailing comments ignored
+  also=ok          # leading white-space ignored
+	 also_wik=ok
+host=`hostname`'   # backtics - delete line
+os=$(uname -s)     # $() - delete line
+oops=one;hostname' # replace ; with _ so: one_hostname
+regex="prefix[abc-]*" # []* replaced with _
+EOF
+
+	__output=$(safe_set < "$__input" | tr '"\012' '\047;')
+	atf_check_equal "$__output" "quoted='this and that';simple=ok;also=ok;also_wik=ok;oops=one_hostname_;regex='prefix_abc-__';"
+}
+
+
+atf_test_case safe_set_xtras
+safe_set_xtras_head()
+{
+	atf_set "descr" "Verify that safe_set handles extra allowed chars"
+}
+
+safe_set_xtras_body()
+{
+	__name="$(atf_get ident)"
+	__input=$(mktemp -t "${__name}.input")
+
+	cat <<'EOF' > "$__input"
+: ignore=this
+# ignore this too
+regex="prefix[abc-]*"
+EOF
+
+	__output=$(safe_set "[]*" < "$__input" | tr '"\012' '\047;')
+	atf_check_equal "$__output" "regex='prefix[abc-]*';"
+}
+
+atf_init_test_cases()
+{
+	SAFE_EVAL=${SAFE_EVAL:-/libexec/safe_eval.sh}
+	. $SAFE_EVAL
+	atf_add_test_case safe_set_reject
+	atf_add_test_case safe_set_xtras
+}