msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity
Files
9481ac092a484b7b6595d78aca5cfcfd5af2c2ededc2c70589acde00f0b97d85
CISS.debian.live.builder/lib/lib_sanitizer.sh
Marc S. Weidner cbbd855ca7
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m38s
Details
V8.13.294.2025.10.28 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-10-28 12:01:27 +01:00

146 lines
4.4 KiB
Bash
Raw Blame History

#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
guard_sourcing
#######################################
# Arguments check wrapper.
# Globals:
# None
# Arguments:
# 1: "$@" of ./ciss_live_builder.sh
#######################################
arg_check() {
declare a
declare sanitized_args=()
for a in "$@"; do
sanitized_args+=("$( sanitize_arg "${a}")")
done
set -- "${sanitized_args[@]}"
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034
readonly -f arg_check
#######################################
# Function to sanitize a single argument,
# Globals:
# LOG_ERROR
# Arguments:
# 1: Argument to check
# Returns:
# 0: on success
# ERR_INVLD_CHAR: on failure
#######################################
sanitize_arg() {
declare input="${1}"
declare disallowed_ctrl=""
### Step 1: Check for control characters
if printf '%s' "${input}" | grep -qP '[[:cntrl:]]'; then
# shellcheck disable=SC2312
disallowed_ctrl=$(printf '%s' "${input}" | sed -n 's/[^[:cntrl:]]//gp' | sed $'s/./&\\n/g' \
| while read -r c; do printf "%02X " "'${c}"; done)
{
printf "❌ Control character : '%s'. \n" "${disallowed_ctrl}"
printf "❌ in argument : '%s'. \n" "${input}"
printf "❌ Allowed Characters : 'a-z A-Z 0-9 . _ / = [ ] : \" - + space' \n"
printf "\n"
} >> "${LOG_ERROR}"
boot_screen_cleaner
printf "\e[91m❌ Control character : '%s'. \e[0m\n" "${disallowed_ctrl}" >&2
printf "\e[91m❌ in argument : '%s'. \e[0m\n" "${input}" >&2
printf "\e[91m❌ Allowed Characters : 'a-z A-Z 0-9 . _ / = [ ] : \" - + space' \e[0m\n" >&2
# shellcheck disable=SC2162
read -p $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
exit "${ERR_INVLD_CHAR}"
fi
### Step 2: Define allowed characters:
### letters, digits, dot, underscore, slash, equals, [, ], colon, double-quote, hyphen, space.
declare allowed='a-zA-Z0-9._/=\[\]:"\-+ '
declare disallowed
disallowed=$(printf '%s' "${input}" | tr -d "${allowed}")
if [[ -n ${disallowed} ]]; then
{
printf "❌ Invalid character : '%s'. \n" "${disallowed//?/& }"
printf "❌ in argument : '%s'. \n" "${input}"
printf "❌ Allowed Characters : 'a-z A-Z 0-9 . _ / = [ ] : \" - + space' \n"
printf "\n"
} >> "${LOG_ERROR}"
boot_screen_cleaner
printf "\e[91m❌ Invalid character : '%s'. \e[0m\n" "${disallowed//?/& }" >&2
printf "\e[91m❌ in argument : '%s'. \e[0m\n" "${input}" >&2
printf "\e[91m❌ Allowed Characters : 'a-z A-Z 0-9 . _ / = [ ] : \" - + space' \e[0m\n" >&2
# shellcheck disable=SC2162
read -p $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
exit "${ERR_INVLD_CHAR}"
else
printf '%s' "${input}"
fi
return 0
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034
readonly -f sanitize_arg
#######################################
# Function to remove any character not in the allowed set.
# Globals:
# None
# Arguments:
# 1: String to Sanitize
#######################################
sanitize_string() {
declare input="$1"
### Define allowed characters:
### letters, digits, dot, underscore, slash, equals, [, ], colon, double-quote, hyphen, space.
declare allowed='a-zA-Z0-9._/=\[\]:"\-+ '
printf '%s' "${input}" | tr -cd "${allowed}"
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034
readonly -f sanitize_string
#######################################
# Function to escape all shell metacharacters.
# Globals:
# None
# Arguments:
# 1: String to Sanitize
#######################################
sanitize_shell_literal() {
declare input="$1"
### %q quotes the string so that the shell re-reads it as the original literal
printf '%q' "${input}"
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034
readonly -f sanitize_shell_literal
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
Reference in New Issue View Git Blame Copy Permalink