V8.13.294.2025.10.28

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-10-28 12:01:27 +01:00
parent d7c94122d0
commit cbbd855ca7
5 changed files with 95 additions and 35 deletions
--- a/lib/lib_sanitizer.sh
+++ b/lib/lib_sanitizer.sh
@@ -13,9 +13,11 @@
 guard_sourcing

 #######################################
-# Argument Check Wrapper
+# Arguments check wrapper.
+# Globals:
+#   None
 # Arguments:
-#   $1: "$@" of ./ciss_live_builder.sh
+#   1: "$@" of ./ciss_live_builder.sh
 #######################################
 arg_check() {
  declare a
@@ -25,35 +27,49 @@ arg_check() {
  done
  set -- "${sanitized_args[@]}"
 }
+### Prevents accidental 'unset -f'.
+# shellcheck disable=SC2034
+readonly -f arg_check

 #######################################
-# Function to sanitize a single argument
+# Function to sanitize a single argument,
 # Globals:
-#   ERR_INVLD_CHAR
 #   LOG_ERROR
 # Arguments:
-#   $1: Argument to check
+#   1: Argument to check
+# Returns:
+#   0: on success
+#   ERR_INVLD_CHAR: on failure
 #######################################
 sanitize_arg() {
  declare input="${1}"
  declare disallowed_ctrl=""
+
  ### Step 1: Check for control characters
  if printf '%s' "${input}" | grep -qP '[[:cntrl:]]'; then
+
+    # shellcheck disable=SC2312
    disallowed_ctrl=$(printf '%s' "${input}" | sed -n 's/[^[:cntrl:]]//gp' | sed $'s/./&\\n/g' \
-      | while read -r c; do printf "%02X " "'$c"; done)
+      | while read -r c; do printf "%02X " "'${c}"; done)
+
    {
      printf "❌ Control character   : '%s'. \n" "${disallowed_ctrl}"
      printf "❌         in argument : '%s'. \n" "${input}"
      printf "❌ Allowed Characters  : 'a-z A-Z 0-9 . _ / = [ ] : \" - + space' \n"
      printf "\n"
    } >> "${LOG_ERROR}"
+
    boot_screen_cleaner
+
    printf "\e[91m❌ Control character   : '%s'. \e[0m\n" "${disallowed_ctrl}" >&2
    printf "\e[91m❌         in argument : '%s'. \e[0m\n" "${input}" >&2
    printf "\e[91m❌ Allowed Characters  : 'a-z A-Z 0-9 . _ / = [ ] : \" - + space' \e[0m\n" >&2
+
    # shellcheck disable=SC2162
    read -p  $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
+
    exit "${ERR_INVLD_CHAR}"
+
  fi

  ### Step 2: Define allowed characters:
@@ -61,6 +77,7 @@ sanitize_arg() {
  declare allowed='a-zA-Z0-9._/=\[\]:"\-+ '
  declare disallowed
  disallowed=$(printf '%s' "${input}" | tr -d "${allowed}")
+
  if [[ -n ${disallowed} ]]; then
    {
      printf "❌ Invalid character   : '%s'. \n" "${disallowed//?/& }"
@@ -68,22 +85,36 @@ sanitize_arg() {
      printf "❌ Allowed Characters  : 'a-z A-Z 0-9 . _ / = [ ] : \" - + space' \n"
      printf "\n"
    } >> "${LOG_ERROR}"
+
    boot_screen_cleaner
+
    printf "\e[91m❌ Invalid character   : '%s'. \e[0m\n" "${disallowed//?/& }" >&2
    printf "\e[91m❌         in argument : '%s'. \e[0m\n" "${input}" >&2
    printf "\e[91m❌ Allowed Characters  : 'a-z A-Z 0-9 . _ / = [ ] : \" - + space' \e[0m\n" >&2
+
    # shellcheck disable=SC2162
    read -p  $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
+
    exit "${ERR_INVLD_CHAR}"
+
  else
+
    printf '%s' "${input}"
+
  fi
+
+  return 0
 }
+### Prevents accidental 'unset -f'.
+# shellcheck disable=SC2034
+readonly -f sanitize_arg

 #######################################
-# Function to remove any character not in the allowed set
+# Function to remove any character not in the allowed set.
+# Globals:
+#   None
 # Arguments:
-#   $1: String to Sanitize
+#   1: String to Sanitize
 #######################################
 sanitize_string() {
  declare input="$1"
@@ -92,15 +123,23 @@ sanitize_string() {
  declare allowed='a-zA-Z0-9._/=\[\]:"\-+ '
  printf '%s' "${input}" | tr -cd "${allowed}"
 }
+### Prevents accidental 'unset -f'.
+# shellcheck disable=SC2034
+readonly -f sanitize_string

 #######################################
-# Function to escape all shell metacharacters
+# Function to escape all shell metacharacters.
+# Globals:
+#   None
 # Arguments:
-#   $1: String to Sanitize
+#   1: String to Sanitize
 #######################################
 sanitize_shell_literal() {
  declare input="$1"
  ### %q quotes the string so that the shell re-reads it as the original literal
  printf '%q' "${input}"
 }
+### Prevents accidental 'unset -f'.
+# shellcheck disable=SC2034
+readonly -f sanitize_shell_literal
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_source_guard.sh
+++ b/lib/lib_source_guard.sh
@@ -11,7 +11,9 @@
 # SPDX-Security-Contact: security@coresecret.eu

 #######################################
-# Prevent the file to be sourced twice.
+# Prevents the file to be sourced twice.
+# Globals:
+#   None
 # Arguments:
 #   1: File to source.
 #######################################
@@ -25,4 +27,7 @@ source_guard() {
    . "${var_file}"
  fi
 }
+### Prevents accidental 'unset -f'.
+# shellcheck disable=SC2034
+readonly -f source_guard
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_usage.sh
+++ b/lib/lib_usage.sh
@@ -12,8 +12,12 @@

 #######################################
 # Usage Wrapper CISS.debian.live.builder
+# Globals:
+#   None
 # Arguments:
-#   0: Script name
+#   None
+# Returns:
+#   0: on success
 #######################################
 usage() {
  # shellcheck disable=SC2155
@@ -162,5 +166,10 @@ usage() {
    echo
    echo -e "\e[1;97m${var_footer}\e[0m"
  } | less -R
+
+  return 0
 }
+### Prevents accidental 'unset -f'.
+# shellcheck disable=SC2034
+readonly -f usage
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_version.sh
+++ b/lib/lib_version.sh
@@ -16,6 +16,8 @@
 #   VAR_VERSION
 # Arguments:
 #   None
+# Returns:
+#   0: on success
 #######################################
 version() {
  # shellcheck disable=SC2155
@@ -50,5 +52,10 @@ $(echo -e "\e[97m###############################################################
  Bash    : ${var_bash_ver}

 EOF
+
+  return 0
 }
+### Prevents accidental 'unset -f'.
+# shellcheck disable=SC2034
+readonly -f version
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh