From acb0942903e4d669fd4e20e24b115f697162269b Mon Sep 17 00:00:00 2001 From: Guillem Jover Date: Thu, 16 Apr 2026 21:01:23 +0200 Subject: [PATCH] MT#64932 Do not use which(1) output unconditionally MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Instead of using a variable to hold the pathname for the mysql program, from a which(1) call, hardcode its name in the variable, and then use «command -v» to check whether the command exists and abort otherwise. The pattern of assigning the result of which(1) into a variable is both redundant and unsafe, because the shell already looks for the command on the PATH, and if which(1) cannot find it then we are then executing the command unconditionally where we end up calling the first argument as if it was an actual command, which can be dangerous. Change-Id: I6c31e03b8b20fe037869f2f41954f5ed268434ca --- ngcp-cleanup-voicemail-table | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/ngcp-cleanup-voicemail-table b/ngcp-cleanup-voicemail-table index 48d9667..e89bdee 100755 --- a/ngcp-cleanup-voicemail-table +++ b/ngcp-cleanup-voicemail-table @@ -10,7 +10,7 @@ set -eu PID_FILE='/var/lock/voicemail-cleanup.pid' PWD_FILE='/etc/mysql/sipwise_extra.cnf' CFG_FILE='/etc/ngcp-cleanup-tools/voicemail-table-cleanup.conf' -MYSQL="$(which mysql)" +MYSQL=mysql QUERY_COUNT=1 #Duplicating output to logs @@ -27,6 +27,11 @@ my_exit() { echo " $(date): Starting the new process" +if ! command -v "${MYSQL}" >/dev/null ; then + echo "ERROR: Cannot find ${MYSQL}!" >&2 + exit 1 +fi + if [ -e "${PID_FILE}" ] ; then echo "ERROR: The lock file exists." >&2 echo "The previous instance has not exited correctly or still running? Exiting!" >&2