diff options
-rw-r--r-- | bin/ax.sh | 17 | ||||
-rw-r--r-- | man/man1/ax.1df | 12 |
2 files changed, 15 insertions, 14 deletions
@@ -3,8 +3,8 @@ # Count arguments case $# in - # If one argument, we assume format is %s - 1) form=%s expr=$1 ;; + # If one argument, we assume format is %s\n + 1) form='%s\n' expr=$1 ;; # If two arguments, first is format, second expression 2) form=$1 expr=$2 ;; @@ -16,12 +16,7 @@ case $# in ;; esac -# Form program -prog=$(printf ' - BEGIN { - printf "%s\\n", %s - } -' "$form" "$expr") - -# Run program -awk "$prog" +# Important note: there's little stopping the user from putting a fully-fledged +# Awk program into the expression; don't use this anywhere that code injection +# could wreck your life. See manual page ax(1df). +awk -v form="$form" 'BEGIN{printf form,('"$expr"');exit}' diff --git a/man/man1/ax.1df b/man/man1/ax.1df index b3218d37..40125167 100644 --- a/man/man1/ax.1df +++ b/man/man1/ax.1df @@ -1,15 +1,21 @@ -.TH AX 1df "July 2016" "Manual page for ax" +.TH AX 1df "January 2018" "Manual page for ax" .SH NAME .B ax \- evaluate an awk expression .SH SYNOPSIS -.B ax '2.0+3.0' +.B ax +\&'2.0+3.0' .br -.B ax %.2f 'sin(2)' +.B ax +\&'%.2f\\n' 'sin(2)' .SH DESCRIPTION .B ax evaluates an expression given on the command line with awk(1) and prints its result using awk's printf, with an optional format specified preceding the expression. +.SH SECURITY +Note that the second argument has no evaluation protection on it. There's very +little to stop a user putting a fully-fledged awk program in as the second +argument if they needed to. Don't accept untrusted user input in this argument! .SH AUTHOR Tom Ryder <tom@sanctum.geek.nz> |