From f4308ac0c722c37a19d286372bf2cfe86b85704e Mon Sep 17 00:00:00 2001
From: Reid 'arrdem' McKenzie <me@arrdem.com>
Date: Mon, 28 Nov 2022 20:12:43 -0700
Subject: [PATCH] Harden against large inline scripts

Can produce OSError 63 filename too long
---
 src/python/cram/v1.py | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/src/python/cram/v1.py b/src/python/cram/v1.py
index eb70efb..e0b7003 100644
--- a/src/python/cram/v1.py
+++ b/src/python/cram/v1.py
@@ -75,17 +75,25 @@ class PackageV1(Package):
             sum = sum.hexdigest()
 
             installf = self.root / content
-            if installf.exists():
-                with open(installf, "r") as fp:
-                    self.do_sh_or_script(fp.read(), fs, dest)
 
-            elif content:
+            def _installf_exists():
+                try:
+                    return installf.exists()
+                except OSError as e:
+                    return False
+
+            if content.startswith("#!") or "\n" in content or not _installf_exists():
                 f = tempf(self.global_config, f"{sum}.sh")
                 f.parent.mkdir(exist_ok=True, parents=True)
                 with open(f, "w") as fp:
                     fp.write(content)
                     fs.exec(cwd, sh(self.global_config, [str(f)]))
 
+            else:
+                with open(installf, "r") as fp:
+                    self.do_sh_or_script(fp.read(), fs, dest)
+
+
     def do_build(self, fs: Vfs, dest: Path):
         self.do_sh_or_script(self.config().get("package", {}).get("build"), fs, dest)