Add buildparam validation

to minimize risk to OBS operations.

The pattern for jobs deliberately does not have a * or +
to not allow DoS or integer overflows.

Author: bmwiedemann

build

@@ -1370,7 +1370,15 @@ done
 }
 buildparams=()
 if [ -e _buildparams ] ; then
+    local n=0
     while read ARG ; do
+        let n++
+        if ! [[ $ARG =~ ^--jobs=[1-9]$ ]] &&
+           ! [[ $ARG =~ ^--vm-custom-opt=-cpu\ [a-zA-Z0-9=,_+-]+$ ]]
+          then
+            echo "buildparams line $n did not match whitelist in $BASH_SOURCE => skipping"
+            continue
+        fi
         buildparams+=("$ARG")
     done < _buildparams
 fi