From 999ca7dade519ad5757f07a9c488b326a5e7d785 Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Thu, 14 Sep 2023 11:42:16 +0200
Subject: scanner: restrict include directive to regular files

Similar to previous change, also check all

include "foo"

and reject those if they refer to named fifos, block devices etc.

Directories are still skipped, I don't think we can change this
anymore.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1664
Signed-off-by: Florian Westphal <fw@strlen.de>
---
 tests/shell/testcases/bogons/nft-f/include-device | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 tests/shell/testcases/bogons/nft-f/include-device

(limited to 'tests/shell/testcases/bogons')

diff --git a/tests/shell/testcases/bogons/nft-f/include-device b/tests/shell/testcases/bogons/nft-f/include-device
new file mode 100644
index 00000000..1eb79773
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/include-device
@@ -0,0 +1 @@
+include "/dev/null"
-- 
cgit v1.2.3