author | Bartek Grzybowski <b.grzybowski@partner.samsung.com> | 2019-03-18 16:09:51 +0100 |
---|---|---|
committer | Bartek Grzybowski <b.grzybowski@partner.samsung.com> | 2019-03-18 16:09:51 +0100 |
commit | fdf9798024a2c7f6c6cfc4199434376d0bcc3f7f (patch) | |
tree | 067c12b4528f19684ef184e7a5df1e76428af328 | |
parent | c3bdc3210bbaf715805059bfef9b182051b3aa0c (diff) |
Sanitize input arguments validation
This patch ensures that non-positional parameters
are given after the positional args. So far, mixing
them led to malicious script behaviour.
Change-Id: Idf2b6a57d0cd8561e74e467f68ddc5d086e7a0c0
Issue-ID: OOM-1621
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
-rwxr-xr-x | build/package.sh | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/build/package.sh b/build/package.sh index c527db2e..a3c1ded2 100755 --- a/build/package.sh +++ b/build/package.sh @@ -31,6 +31,12 @@ crash () { exit "${exit_code}" } +crash_arguments () { + echo "Missing some mandatory arguments!" + usage + exit 1 +} + usage () { echo "Usage:" echo " ./$(basename $0) <project_name> <version> <packaging_target_dir> [--conf <file>] [--force]" @@ -200,16 +206,21 @@ APPLICATION_FILES_IN_PACKAGE="ansible/application" # adjusted accordingly. HELM_CHARTS_DIR_IN_PACKAGE="${APPLICATION_FILES_IN_PACKAGE}/helm_charts" -if [ "$#" -lt 3 ]; then - echo "Missing some mandatory arguments!" - usage - exit 1 +if [ $# -eq 0 ]; then + crash_arguments fi CONF_FILE="" FORCE_REMOVE=0 +arg_ind=0 for arg in "$@"; do shift + ((arg_ind+=1)) + if [[ ${arg} =~ ^[-]{1,2}[a-zA-Z-]+$ && ${arg_ind} -lt 4 ]]; then + echo "Non-positional parameters should follow mandatory arguments!" + usage + exit 1 + fi case "$arg" in -c|--conf) CONF_FILE="$1" ;; @@ -217,6 +228,9 @@ for arg in "$@"; do FORCE_REMOVE=1 ;; *) set -- "$@" "$arg" + if [ "$#" -lt 3 ]; then + crash_arguments + fi ;; esac done |
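Review bot: The message in the new `crash_arguments` helper is written to stdout, so anything that captures or pipes the script's output gets the error text mixed into it; `echo "Missing some mandatory arguments!" >&2` keeps the diagnostic on stderr. The same applies to the `echo "Non-positional parameters should follow mandatory arguments!"` added in the second hunk, which also repeats the `usage` / `exit 1` pair instead of going through a shared helper. A one-line header comment on the function, e.g. `# Report missing mandatory arguments, print usage and exit 1`, would document the exit path.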
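Review bot: `--conf` given as the last word is still accepted without a value: the `-c|--conf)` arm reads `CONF_FILE="$1"` after `shift`, and because the `*)` arm re-appends every positional, `$1` at that point is the first positional again, so the project name silently becomes the config file. Saving the word count before the loop with `argc=$#` and guarding the arm with `[ "${arg_ind}" -lt "${argc}" ] || crash_arguments` would reject an option that has nothing after it. The new regex matches only letters and dashes, so an option-like word such as `--conf=file` in one of the first three slots is still taken as a mandatory argument; whether that is intended is not visible here. The `case` statement continues outside this hunk.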
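Review bot: The added `if [ "$#" -lt 3 ]` in the `*)` arm needs a comment, because `$#` there is not the number of positionals collected so far. Each iteration shifts one word and this arm appends one, so `$#` stays at the count of words not yet consumed, options and their values included. The check therefore only fires when fewer than three words were passed in total, and it relies on the regex guard from the previous hunk to keep options out of the first three slots. Something like `# shift + append keeps $# constant here; fewer than 3 means too few words overall` would make that dependency explicit. The loop and the `case` both start outside this hunk.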