From 1a8d6eae79dbcba2bc6f3164a15479fb640c2043 Mon Sep 17 00:00:00 2001
From: Kyle Cronin <cronik@users.noreply.github.com>
Date: Tue, 18 Jan 2022 12:06:15 -0500
Subject: [PATCH] Fix jenkins-plugin-cli JAVA_OPTS handling (#1273)

---
 jenkins-plugin-cli.sh | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/jenkins-plugin-cli.sh b/jenkins-plugin-cli.sh
index 2633ce15..c3030515 100755
--- a/jenkins-plugin-cli.sh
+++ b/jenkins-plugin-cli.sh
@@ -1,3 +1,9 @@
 #!/bin/bash
 
-exec /bin/bash -c "java $JAVA_OPTS -jar /opt/jenkins-plugin-manager.jar $*"
+# read JAVA_OPTS into array to avoid need for eval (and associated vulnerabilities)
+java_opts_array=()
+while IFS= read -r -d '' item; do
+	java_opts_array+=( "$item" )
+done < <([[ $JAVA_OPTS ]] && xargs printf '%s\0' <<<"$JAVA_OPTS")
+
+exec java "${java_opts_array[@]}" -jar /opt/jenkins-plugin-manager.jar "$@"