From 364fea9a1d348e3fefa3fa189062e5c6a669b3e2 Mon Sep 17 00:00:00 2001
From: Ayush Agarwal
Date: Sat, 19 Feb 2022 22:28:16 +0530
Subject: refactor: add optional patch to set explicit paths if someone wants to set explicit and not execute arbitrary binaries, they can patch tessen using this file
---
explicit_path.patch | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 explicit_path.patch
diff --git a/explicit_path.patch b/explicit_path.patch
new file mode 100644
index 0000000..ed1e404
--- /dev/null
+++ b/explicit_path.patch
@@ -0,0 +1,20 @@
+diff --git a/tessen b/tessen
+index fd5e6fd..d500141 100755
+--- a/tessen
++++ b/tessen
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env bash
++#!/bin/bash
+ # SPDX-License-Identifier: GPL-2.0-or-later
+ # Copyright (C) 2021 Ayush Agarwal
+ #
+@@ -7,6 +7,9 @@
+ # tessen - a data selection interface for pass and gopass on Wayland
+ # ------------------------------------------------------------------------------
+
++# set the path explicitly to avoid executing arbitrary user owned binaries
++export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
++
+ # don't leak password data if debug mode is enabled
+ set +x
+
--
cgit v1.2.3
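Review bot: The comment above the added `export PATH=...` line in the embedded tessen hunk promises more than the line guarantees and does not mention its side effect. Because PATH is exported, every child tessen starts (presumably pass or gopass and whatever helpers it launches) inherits it, so a tool installed under a per-user directory will stop resolving. Bash has also already read `BASH_ENV` and imported exported functions from the caller's environment before this line runs, so only PATH lookup is pinned. I would word the comment as `# pin command lookup to system directories; tools under $HOME are no longer found, and BASH_ENV/exported functions are not covered`. The `index fd5e6fd..d500141` line and the fixed context also tie the patch to one revision of tessen, so the commit message should say which release it applies to.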