V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-10-26 16:25:44 +00:00
parent d54ca7c415
commit 0023ceb83e
1 changed files with 23 additions and 17 deletions
--- a/func/cdi_1250_yaml/1256_yaml_xfiles.sh
+++ b/func/cdi_1250_yaml/1256_yaml_xfiles.sh
@@ -209,37 +209,43 @@ yaml_secret() {
  # shellcheck disable=SC1091 source=./${__SECRETS}
  source "${__SECRETS}"

-  ### Iterate only variables ending in '_value'.
  # shellcheck disable=SC2312
-  mapfile -t __names < <(compgen -A variable 'secrets_*_value')
+  mapfile -t __names < <(printf '%s\n' "${!secrets_@}")

  for __name in "${__names[@]}"; do

-    echo "${__name}"
+    ### Keep only *_value variables
+    [[ "${__name}" == *_value ]] || continue
+    echo "__name ${__name}"

-    ### Value of the generated variable:
+    ### Validate strict Bash identifier (defensive: strip accidental CR).
+    __name="${__name%$'\r'}"
+    [[ "${__name}" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || continue
+    echo "__name ${__name}"
+
+    ### Only read if actually set; indirect check without triggering nounset.
+    if [[ -n "${!__name+x}" ]]; then
      __val="${!__name}"
-    echo "${__val}"
+      echo "__val ${__val}"
+    else
+      __val=""
+      echo "__val ${__val}"
+    fi

-    ### Strip suffix and leading namespace:
-    # secrets_db_password_value -> base="secrets_db_password"
+    ### Strip suffix/prefix for the map key.
    __base="${__name%_value}"
-    echo "${__base}"
-    # secrets_db_password -> path_wo_prefix="db_password"
+    echo "__base ${__base}"
    __path_wo_prefix="${__base#secrets_}"
-    echo "${__path_wo_prefix}"
+    echo "__path_wo_prefix ${__path_wo_prefix}"

-    ### Canonical CISS name:
+    ### Canonical CISS name.
    __varname="$(ciss_secret_varname_from_path "${__path_wo_prefix}")"
-    echo "${__varname}"
+    echo "__varname ${__varname}"

-    ### Assign as global (verbatim, preserves newlines).
+    # Assign verbatim (preserves newlines)
    unset -v "${__varname}"
    declare -g "${__varname}"
-    echo "declare -g ${__varname}"
-
    printf -v "${__varname}" '%s' "${__val}"
-    echo "printf -v ${__varname} ${__val}"

    CISS_SECRETS_MAP["${__path_wo_prefix}"]="${__varname}"