Skip to content

RDKB-63013 update cmake build to parse conf file #29

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
GoutamD2905 merged 3 commits into from
Feb 19, 2026
+34 −5
Merged

RDKB-63013 update cmake build to parse conf file #29

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
a42fa2b
RDKB-63013 update cmake build to parse conf file
Suganya-Sugumar Feb 19, 2026
9582b45
RDKB-63013 update cmake build to parse conf file
Suganya-Sugumar Feb 19, 2026
4d2cf33
RDKB-63013 update cmake build to parse conf file
Suganya-Sugumar Feb 19, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 34 additions & 5 deletions cov_docker_script/build_native.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -182,7 +182,7 @@ parse_configure_options_file() {
cppflags="${cppflags//\$HOME/$HOME}"
cflags="${cflags//\$HOME/$HOME}"
ldflags="${ldflags//\$HOME/$HOME}"

# Build final options array
[[ -n "$cppflags" ]] && options_array+=("CPPFLAGS=${cppflags% }")
[[ -n "$cflags" ]] && options_array+=("CFLAGS=${cflags% }")
Expand Down Expand Up @@ -335,16 +335,45 @@ run_pre_build_commands() {
# Build with CMake
build_component_cmake() {
cd "$COMPONENT_DIR"

local build_dir cmake_flags make_targets parallel_make
build_dir=$(jq -r '.native_component.build.build_dir // "build"' "$CONFIG_FILE")
cmake_flags=$(jq -r '.native_component.build.cmake_flags // empty' "$CONFIG_FILE")
cmake_flags=$(expand_path "$cmake_flags")
make_targets=$(jq -r '.native_component.build.make_targets[]? // "all"' "$CONFIG_FILE" | tr '\n' ' ')
parallel_make=$(jq -r '.native_component.build.parallel_make // true' "$CONFIG_FILE")

build_cmake "$COMPONENT_DIR" "$build_dir" "$cmake_flags" "$make_targets" "$parallel_make" || return 1


# Parse configure options file if exists
local config_file_path cppflags cflags ldflags
config_file_path=$(jq -r '.native_component.build.configure_options_file // empty' "$CONFIG_FILE")
if [[ -n "$config_file_path" ]]; then
config_file_path=$(expand_path "$config_file_path")
if [[ ! "$config_file_path" = /* ]]; then
config_file_path="$COMPONENT_DIR/$config_file_path"
fi

step "Reading configure options from: $config_file_path"
local parsed_array=()
if parse_configure_options_file "$config_file_path" parsed_array; then
for opt in "${parsed_array[@]}"; do
case $opt in
Copy link

Copilot AI Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the case statement, $opt should be quoted (case "$opt" in) to prevent word splitting and pathname expansion when an option value contains spaces or glob characters. As written, a value like CPPFLAGS=-I/foo -I/bar can break the case parsing or match unintended patterns.

Suggested change
case $opt in
case "$opt" in

Copilot uses AI. Check for mistakes.
CPPFLAGS=*) cppflags="${opt#CPPFLAGS=}" ;;
CFLAGS=*) cflags="${opt#CFLAGS=}" ;;
LDFLAGS=*) ldflags="${opt#LDFLAGS=}" ;;
esac
done
else
err "Failed to parse configure options file (for cmake)"
return 1
fi
fi

# Compose cmake flags
local combined_cmake_flags="$cmake_flags"
[[ -n "$cppflags" ]] && combined_cmake_flags+=" -DCMAKE_C_FLAGS=\"$cppflags $cflags\" -DCMAKE_CXX_FLAGS=\"$cppflags $cflags\""
Copy link

Copilot AI Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

combined_cmake_flags only sets CMAKE_C_FLAGS/CMAKE_CXX_FLAGS when cppflags is non-empty. If the config file provides only CFLAGS (no CPPFLAGS section), those flags will be silently ignored for CMake builds. Consider gating this on cppflags OR cflags (or building the combined flags string first and checking it).

Suggested change
[[ -n "$cppflags" ]] && combined_cmake_flags+=" -DCMAKE_C_FLAGS=\"$cppflags $cflags\" -DCMAKE_CXX_FLAGS=\"$cppflags $cflags\""
# Combine CPPFLAGS and CFLAGS if either is present
local cmake_compile_flags=""
if [[ -n "$cppflags" ]]; then
cmake_compile_flags+="$cppflags"
fi
if [[ -n "$cflags" ]]; then
[[ -n "$cmake_compile_flags" ]] && cmake_compile_flags+=" "
cmake_compile_flags+="$cflags"
fi
if [[ -n "$cmake_compile_flags" ]]; then
combined_cmake_flags+=" -DCMAKE_C_FLAGS=\"$cmake_compile_flags\" -DCMAKE_CXX_FLAGS=\"$cmake_compile_flags\""
fi

Copilot uses AI. Check for mistakes.
[[ -n "$ldflags" ]] && combined_cmake_flags+=" -DCMAKE_EXE_LINKER_FLAGS=\"$ldflags\""
Comment on lines +345 to +374
Copy link

Copilot AI Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The values read from configure_options_file are used to build combined_cmake_flags and then passed to build_cmake, which invokes cmake via eval on a command string including these flags. Because configure_options_file is an external file and its CPPFLAGS/CFLAGS/LDFLAGS content is not shell-escaped, an attacker controlling this file can inject shell metacharacters (e.g. ;, backticks, $(...)) so that eval executes arbitrary commands instead of just passing flags to CMake. To mitigate this, avoid using eval for the CMake invocation and pass flags as properly quoted separate arguments (or rigorously sanitize/escape the contents of cppflags, cflags, and ldflags before composing the command).

Copilot uses AI. Check for mistakes.

build_cmake "$COMPONENT_DIR" "$build_dir" "$combined_cmake_flags" "$make_targets" "$parallel_make" || return 1
return 0
}

Expand Down
Loading