V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

func/2010_validation_ip.sh

@@ -0,0 +1,102 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.installer
+# SPDX-Security-Contact: security@coresecret.eu
+
+#######################################
+# IPv4 validation.
+# Globals:
+#   ERR_INVALID_IPV4
+# Arguments:
+#   $1: IPv4 to validate.
+#######################################
+validation_ipv4() {
+  declare var_ip="$1"
+  ### Single-pass check: 4 octets, each 0-255, no leading zeros (unless the octet is exactly "0")
+  if [[ "${var_ip}" =~ ^((25[0-5]|2[0-4][0-9]|1?[0-9]{1,2})\.){3}(25[0-5]|2[0-4][0-9]|1?[0-9]{1,2})$ ]]; then
+    do_log "info" "true" "'${var_ip}' seems to be a valid IPv4."
+  else
+    exit "${ERR_INVALID_IPV4}"
+  fi
+}
+
+#######################################
+# IPv6 validation, including
+#   - Standard IPv6 notation with eight groups such as 2001:0db8:85a3:0000:0000:8a2e:0370:7334
+#   - Shortened notation with :: like 2001:db8::1
+#   - Addresses with embedded IPv4 addresses like ::ffff:192.0.2.128
+#   - Link-local addresses like fe80::1%eth0
+# Globals:
+#   ERR_INVALID_IPV6
+# Arguments:
+#   $1: IPv6 address
+#######################################
+validation_ipv6() {
+  ### Original input (may include %zone).
+  declare var_ip="$1"
+  ### Strip optional zone id, e.g. fe80::1%eth0 -> fe80::1
+  declare var_addr="${var_ip%%\%*}"
+  declare var_has_double_colon=0
+
+  ### Step 1 – IPv4-mapped / -embedded addresses (::ffff:192.0.2.1)
+  if [[ "${var_addr}" == *.* ]]; then
+    declare var_ipv4_part="${var_addr##*:}"
+    validation_ipv4 "${var_ipv4_part}" || exit "${ERR_INVALID_IPV6}"
+    ### Replace IPv4 part by a placeholder, so we can count hextets later
+    var_addr="${var_addr%:*}:0:0"
+  fi
+
+  ### Step 2 – Detect forbidden multiple '::'
+  if [[ "${var_addr}" == *::* ]]; then
+    var_has_double_colon=1
+    ### Remove first '::' and check there is no second one.
+    [[ ${var_addr#*::*} == *::* ]] && exit "${ERR_INVALID_IPV6}"
+  fi
+
+  ### Step 3 – Split into hextets and validate format.
+  declare var_hextet
+  declare -a var_segments
+  IFS=':' read -ra var_segments <<< "${var_addr}"
+  declare seg_count=${#var_segments[@]}
+
+  for var_hextet in "${var_segments[@]}"; do
+    ### Empty ⇔ part of '::' compression
+    [[ -z "${var_hextet}" ]] && continue
+    [[ "${var_hextet}" =~ ^[0-9a-fA-F]{1,4}$ ]] || exit "${ERR_INVALID_IPV6}"
+  done
+
+  ### Step 4 – Check total hextet count.
+  if (( var_has_double_colon )); then
+    (( seg_count <= 8 )) || exit "${ERR_INVALID_IPV6}"
+  else
+    (( seg_count == 8 )) || exit "${ERR_INVALID_IPV6}"
+  fi
+
+  ### Success
+  do_log "info" "true" "'${var_ip}' seems to be a valid IPv6."
+}
+
+#######################################
+# Port validation.
+# Globals:
+#   ERR_INVALID_PORT
+# Arguments:
+#   $1: Port number
+#######################################
+validation_port() {
+  declare var_port="$1"
+  if [[ "${var_port}" =~ ^[0-9]+$ ]] && (( var_port >= 1 && var_port <= 65535 )); then
+    do_log "info" "true" "'${var_port}' seems to be a valid port."
+  else
+    do_log "error" "false" "'${var_port}' seems to be NOT a valid port."
+    exit "${ERR_INVALID_PORT}"
+  fi
+}
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh