From c30096e95f4e7cc9ff055cbd045945a274ea0ad9 Mon Sep 17 00:00:00 2001
From: Alex Goodman <wagoodman@gmail.com>
Date: Tue, 10 Apr 2018 21:13:04 -0400
Subject: [PATCH] no relative path to parents allowed in tar references

---
 Makefile                                      | 11 +---
 archive.go                                    |  7 +-
 .../.bashful/downloads/compile-something.sh   | 66 +++++++++++++++++++
 3 files changed, 75 insertions(+), 9 deletions(-)
 create mode 100755 example/.bashful/downloads/compile-something.sh

diff --git a/Makefile b/Makefile
index a07a825..2b0b657 100644
--- a/Makefile
+++ b/Makefile
@@ -1,3 +1,4 @@
+SHELL := /bin/bash
 .DEFAULT_GOAL := ci
 TARGETS := $(shell ls scripts) 
 .PHONY: run clean $(TARGETS)
@@ -6,14 +7,8 @@ $(TARGETS):
 	./scripts/$@
 
 run:
-	make build
-	rm -f 16-bundle-manifest.bundle
-	rm -rf /tmp/bashful.*
-	./dist/bashful bundle example/16-bundle-manifest.yml
-	./16-bundle-manifest.bundle
-
-	# go run main.go task.go config.go screen.go download.go log.go \
-	# run example/16-bundle-manifest.yml
+	go run main.go task.go config.go screen.go download.go log.go archive.go \
+	run example/00-demo.yml
 
 examples: clean build
 	./dist/bashful run example/00-demo.yml
diff --git a/archive.go b/archive.go
index 23fd9cb..0316c9e 100644
--- a/archive.go
+++ b/archive.go
@@ -3,6 +3,7 @@ package main
 import (
 	"archive/tar"
 	"compress/gzip"
+	"errors"
 	"io"
 	"os"
 	"path/filepath"
@@ -81,7 +82,8 @@ func (archiver *archive) Archive(srcPath string, preservePath bool) error {
 		fields := strings.Split(srcPath, string(os.PathSeparator))
 		for idx := range fields {
 			path := strings.Join(fields[:idx+1], string(os.PathSeparator))
-			archiver.addTarFile(path, path)
+			err := archiver.addTarFile(path, path)
+			checkError(err, "Unable to archive file")
 		}
 	}
 
@@ -89,6 +91,9 @@ func (archiver *archive) Archive(srcPath string, preservePath bool) error {
 }
 
 func (archiver *archive) addTarFile(path, name string) error {
+	if strings.Contains(path, "..") {
+		return errors.New("Path cannot contain a relative marker of '..': " + path)
+	}
 	fi, err := os.Lstat(path)
 	if err != nil {
 		return err
diff --git a/example/.bashful/downloads/compile-something.sh b/example/.bashful/downloads/compile-something.sh
new file mode 100755
index 0000000..ac3f3de
--- /dev/null
+++ b/example/.bashful/downloads/compile-something.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+# From: https://codegolf.stackexchange.com/questions/30322/make-it-look-like-im-working
+
+collect()
+{
+    while read line;do
+        if [ -d "$line" ];then
+            (for i in "$line"/*;do echo $i;done)|shuf|collect
+            echo $line
+        elif [[ "$line" == *".h" ]];then
+            echo $line
+        fi
+    done
+}
+
+sse="$(awk '/flags/{print;exit}' </proc/cpuinfo|grep -o 'sse\S*'|sed 's/^/-m/'|xargs)"
+
+flags=""
+pd="\\"
+count=$1
+
+while true;do
+    collect <<< /usr/include|cut -d/ -f4-|
+    (
+        while read line;do
+            count=$(($count-1))
+            if [[ $count -le 0 ]]; then
+                exit 0
+            fi
+            if [ "$(dirname "$line")" != "$pd" ];then
+                x=$((RANDOM%8-3))
+                if [[ "$x" != "-"* ]];then
+                    ssef="$(sed 's/\( *\S\S*\)\{'"$x,$x"'\}$//' <<< "$sse")"
+                fi
+                pd="$(dirname "$line")"
+                opt="-O$((RANDOM%4))"
+                if [[ "$((RANDOM%2))" == 0 ]];then
+                    pipe=-pipe
+                fi
+                case $((RANDOM%4)) in
+                    0) arch=-m32;;
+                    1) arch="";;
+                    *) arch=-m64;;
+                esac
+                if [[ "$((RANDOM%3))" == 0 ]];then
+                    gnu="-D_GNU_SOURCE=1 -D_REENTRANT -D_POSIX_C_SOURCE=200112L "
+                fi
+                flags="gcc -w $(xargs -n1 <<< "opt pipe gnu ssef arch"|shuf|(while read line;do eval echo \$$line;done))"
+            fi
+            if [ -d "/usr/include/$line" ];then
+                echo $flags -shared $(for i in /usr/include/$line/*.h;do cut -d/ -f4- <<< "$i"|sed 's/h$/o/';done) -o "$line"".so"
+                sleep .$RANDOM
+            else
+                line=$(sed 's/h$//' <<< "$line")
+                echo $flags -c $line"c" -o $line"o"
+                sleep .1
+            fi
+            
+        done
+    )
+    count=$(($count-1))
+    if [[ $count -le 0 ]]; then
+        exit 0
+    fi
+done
\ No newline at end of file