From bfae9d9bfa90a0189d943ca865fa046f510b9922 Mon Sep 17 00:00:00 2001
From: stuebinm
Date: Thu, 18 Feb 2021 15:51:08 +0100
Subject: Safer option injection to build scripts

Nix isn't very typesafe, but apparently there is at least a `escapeShellArg` function which makes things safe for shell execution.
---
 front/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/front/default.nix b/front/default.nix
index dc3f115..5385de3 100644
--- a/front/default.nix
+++ b/front/default.nix
@@ -86,8 +86,8 @@ in
 replace-literal -efsr '"@types/quill": "^1.3.7",' ' ';
 replace-literal -efsr '"quill": "^1.3.7",' ' ';
 ''
- + (if envVars ? DEFAULT_MAP_URL then ''replace-literal -efs -r -x .ts "/Floor0/floor0.json" "${envVars.DEFAULT_MAP_URL}";'' else "")
- + (if envVars ? STUN_SERVER then ''replace-literal -efs -r -x .ts "stun:stun.l.google.com:19302" "${envVars.STUN_SERVER}";'' else "");
+ + (if envVars ? DEFAULT_MAP_URL then ''replace-literal -efs -r -x .ts "/Floor0/floor0.json" ${lib.escapeShellArg envVars.DEFAULT_MAP_URL};'' else "")
+ + (if envVars ? STUN_SERVER then ''replace-literal -efs -r -x .ts "stun:stun.l.google.com:19302" ${lib.escapeShellArg envVars.STUN_SERVER};'' else "");
 
 buildPhase = ''
 mkdir -p $out
-- 
cgit v1.2.3
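Review bot: `lib.escapeShellArg` on the two added lines protects only the shell word; the value is then written by `replace-literal` into `.ts` sources in place of text that presumably sits inside a string literal. A `DEFAULT_MAP_URL` or `STUN_SERVER` containing `"`, a backslash or a newline would therefore still change the generated TypeScript. Consider rejecting such values at evaluation time inside each `then` branch, for example `assert builtins.match "[A-Za-z0-9:/._-]+" envVars.STUN_SERVER != null;`, with the character class adjusted to what the deployment actually needs. The new lines also assume `lib` is in scope at this point, and the string expression they extend starts above the hunk, so neither can be confirmed from here. As a style point, `lib.optionalString (envVars ? STUN_SERVER) ''…''` would read more directly than `if … then … else ""`.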