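#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.;
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.;
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: LicenseRef-CNCL-1.1 OR LicenseRef-CCLA-1.1
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu

guard_sourcing || return "${ERR_GUARD_SRCE}"

#######################################
# Arguments check wrapper: validates every argument with sanitize_arg().
# Globals:
#   None
# Arguments:
#   1: "$@" of ./ciss_live_builder.sh
# Returns:
#   0: if every argument passed validation
#   Exits with the status of sanitize_arg() on the first rejected argument.
#######################################
arg_check() {
  declare a="" checked=""
  declare -a sanitized_args=()

  for a in "$@"; do
    ### sanitize_arg() runs inside a command substitution, so its 'exit' only ends that
    ### subshell. The status has to be propagated here, otherwise a rejected argument
    ### would be reported but the build would carry on with it.
    checked="$(sanitize_arg "${a}")" || exit "$?"
    sanitized_args+=("${checked}")
  done

  ### NOTE: 'set --' inside a function only replaces the function's own positional
  ### parameters; the caller's "$@" is unchanged. This wrapper is therefore a validator.
  set -- "${sanitized_args[@]}"
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034
readonly -f arg_check

#######################################
# Function to sanitize a single argument,
# Rejects control characters and everything outside the allowed character set.
# Globals:
#   ERR_INVLD_CHAR
#   LOG_ERROR
# Arguments:
#   1: Argument to check
# Outputs:
#   The unchanged argument on stdout when it is valid; diagnostics on stderr and in LOG_ERROR otherwise.
# Returns:
#   0: on success
#   ERR_INVLD_CHAR: on failure (via 'exit')
#######################################
sanitize_arg() {
  declare input="${1}"
  declare disallowed_ctrl="" ch="" hex="" shown=""
  declare -i i=0

  ### Step 1: Check for control characters
  ### The test is done in the shell itself: a line-oriented filter never sees a newline as
  ### part of the data, and a command substitution strips trailing newlines, so an embedded
  ### newline would otherwise pass both steps unnoticed.
  if [[ "${input}" == *[[:cntrl:]]* ]]; then

    ### Collect the hex code of every control character found.
    for (( i = 0; i < ${#input}; i++ )); do
      ch="${input:i:1}"
      if [[ "${ch}" == [[:cntrl:]] ]]; then
        printf -v hex '%02X ' "'${ch}"
        disallowed_ctrl+="${hex}"
      fi
    done

    ### The argument is untrusted and contains control bytes: show it shell-quoted so that
    ### escape sequences reach neither the terminal nor the log file in raw form.
    printf -v shown '%q' "${input}"

    {
      printf "❌ Control character : '%s'. \n" "${disallowed_ctrl}"
      printf "❌ in argument : '%s'. \n" "${shown}"
      printf "❌ Allowed Characters : 'a-z A-Z 0-9 . _ / = [ ] : \" - + space' \n"
      printf "\n"
    } >> "${LOG_ERROR}"

    boot_screen_cleaner
    printf "\e[91m❌ Control character : '%s'. \e[0m\n" "${disallowed_ctrl}" >&2
    printf "\e[91m❌ in argument : '%s'. \e[0m\n" "${shown}" >&2
    printf "\e[91m❌ Allowed Characters : 'a-z A-Z 0-9 . _ / = [ ] : \" - + space' \e[0m\n" >&2
    # shellcheck disable=SC2162
    read -p $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
    exit "${ERR_INVLD_CHAR}"

  fi

  ### Step 2: Define allowed characters:
  ### letters, digits, dot, underscore, slash, equals, [, ], colon, double-quote, hyphen, plus, space.
  declare allowed='a-zA-Z0-9._/=\[\]:"\-+ '
  declare disallowed
  ### Whatever survives the deletion of all allowed characters is, by definition, not allowed.
  disallowed=$(printf '%s' "${input}" | tr -d "${allowed}")

  if [[ -n ${disallowed} ]]; then

    {
      printf "❌ Invalid character : '%s'. \n" "${disallowed//?/& }"
      printf "❌ in argument : '%s'. \n" "${input}"
      printf "❌ Allowed Characters : 'a-z A-Z 0-9 . _ / = [ ] : \" - + space' \n"
      printf "\n"
    } >> "${LOG_ERROR}"

    boot_screen_cleaner
    printf "\e[91m❌ Invalid character : '%s'. \e[0m\n" "${disallowed//?/& }" >&2
    printf "\e[91m❌ in argument : '%s'. \e[0m\n" "${input}" >&2
    printf "\e[91m❌ Allowed Characters : 'a-z A-Z 0-9 . _ / = [ ] : \" - + space' \e[0m\n" >&2
    # shellcheck disable=SC2162
    read -p $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
    exit "${ERR_INVLD_CHAR}"

  else

    printf '%s' "${input}"

  fi

  return 0
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034
readonly -f sanitize_arg

#######################################
# Function to remove any character not in the allowed set.
# Characters are dropped silently, so the result can differ from the input;
# use sanitize_arg() where an invalid value has to be rejected instead.
# Globals:
#   None
# Arguments:
#   1: String to Sanitize
# Outputs:
#   The filtered string on stdout.
#######################################
sanitize_string() {
  declare input="$1"
  ### Define allowed characters:
  ### letters, digits, dot, underscore, slash, equals, [, ], colon, double-quote, hyphen, plus, space.
  declare allowed='a-zA-Z0-9._/=\[\]:"\-+ '
  ### -c complements the set, -d deletes: everything outside 'allowed' is removed.
  printf '%s' "${input}" | tr -cd "${allowed}"
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034
readonly -f sanitize_string

#######################################
# Function to escape all shell metacharacters.
# The result is meant to be re-read by bash; it does not validate the content.
# Globals:
#   None
# Arguments:
#   1: String to Sanitize
# Outputs:
#   The quoted string on stdout.
#######################################
sanitize_shell_literal() {
  declare input="$1"
  ### %q quotes the string so that the shell re-reads it as the original literal
  printf '%q' "${input}"
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034
readonly -f sanitize_shell_literal
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh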