On 11/9/20 6:29 PM, Greg Wooledge wrote:
> bash version 5.0.3(1)-release, Debian package 5.0-4, amd64.
>
> Prompted by a discussion with someone in IRC.
>
> unicorn:~$ key='$(date >&2)'
> unicorn:~$ declare -A aa
> unicorn:~$ aa[$key]=foo
> unicorn:~$ echo "${aa[$key]}"
> foo
> unicorn:~$ [[ -v aa[$key] ]]
> Mon Nov 9 18:17:30 EST 2020
> bash: aa: bad array subscript
> unicorn:~$ [[ -v 'aa[$key]' ]]
> unicorn:~$
>
> It's well-known that handing an unsanitized index to an *indexed* array
> causes code injection when the index is evaluated in a math context, but
> the code injection from -v with an *associative* array is a new one to me.
> It's especially confusing because it doesn't happen with assignments or
> expansions -- just with -v.
When executing the conditional command, each word is expanded once. The
difference between [[ and [ is that the word isn't split, and that's why
you get an error when you try this with test/[. Then the array subscript is
expanded to determine whether or not it's set, as usual.
When you use assignments or expansions, the subscript is expanded once.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU c...@case.edu http://tiswww.cwru.edu/~chet/
