Security: Explicitly define IFS to prevent misuse.

The scripts are written with certain expectations.
This expectation may not be properly met if the `IFS` value is changed.
This can potentially be used to create some sort of exploit.

Explicitly define IFS and then do so at a local variable scope to prevent affecting the callers IFS setting.

diff --git a/build/scripts/bootstrap-example.sh b/build/scripts/bootstrap-example.sh
index ce4b44e412395a3c109f672758c487864aae5e90..282d986f74363c9cecc31e9ce5cdb11e646e2f0b 100644 (file)
--- a/build/scripts/bootstrap-example.sh
+++ b/build/scripts/bootstrap-example.sh
@@ -42,6 +42,8 @@
 #
 
 main() {
+  local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
   if [[ ${SHELL_ENGINE} == "zsh" ]] ; then
     emulate ksh
   fi

diff --git a/build/scripts/bootstrap.sh b/build/scripts/bootstrap.sh
index eedaadcd2b069f9b173db73fe55028760677f9f3..82192794bc06cb0b257ff153110755263c4030e7 100644 (file)
--- a/build/scripts/bootstrap.sh
+++ b/build/scripts/bootstrap.sh
@@ -13,6 +13,7 @@
 #
 
 bootstrap_main() {
+  local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
 
   if [[ ${SHELL_ENGINE} == "zsh" ]] ; then
     emulate ksh
@@ -3035,4 +3036,4 @@ bootstrap_cleanup() {
   unset bootstrap_cleanup
 }
 
-bootstrap_main $*
+bootstrap_main ${*}

diff --git a/build/scripts/generate_codepoints_from_digits.sh b/build/scripts/generate_codepoints_from_digits.sh
index 1bc3410627ceb64e2761d9e2cd398d61effebebd..fe7d3a469ed1439a016acb6821f0408a2b422754 100644 (file)
--- a/build/scripts/generate_codepoints_from_digits.sh
+++ b/build/scripts/generate_codepoints_from_digits.sh
@@ -9,6 +9,8 @@
 #
 
 main() {
+  local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
   local -i first="$1"
   local -i last="$2"
 

diff --git a/build/scripts/generate_ctags.sh b/build/scripts/generate_ctags.sh
index 5d1e8a6009ba7a8eb1708bce2ff709c7e0438387..c07d81a1dcb1b64da0c40187360a8b2082538311 100644 (file)
--- a/build/scripts/generate_ctags.sh
+++ b/build/scripts/generate_ctags.sh
@@ -10,6 +10,7 @@
 #
 
 main() {
+  local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
 
   if [[ ${SHELL_ENGINE} == "zsh" ]] ; then
     emulate ksh
@@ -290,4 +291,4 @@ generate_ctags_cleanup() {
   unset generate_ctags_cleanup
 }
 
-main $*
+main ${*}

diff --git a/build/scripts/generate_unicode.sh b/build/scripts/generate_unicode.sh
index 9815ff130d6d76f2e4965f19efbf6d88db81d7b5..b339669eebb9ac0e68dbeb276cd6e828c367d463 100644 (file)
--- a/build/scripts/generate_unicode.sh
+++ b/build/scripts/generate_unicode.sh
@@ -11,6 +11,8 @@
 #
 
 main() {
+  local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
   local file_input="codes.txt"
   local mode=$1
   local code=

diff --git a/build/scripts/install.sh b/build/scripts/install.sh
index 2c7f9784ea1f28bd6602569c13b15edfb7ed9cb8..e0cf85388ff63320f986221c6d3dbcfb666dc2fb 100644 (file)
--- a/build/scripts/install.sh
+++ b/build/scripts/install.sh
@@ -14,6 +14,7 @@
 #
 
 install_main() {
+  local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
 
   if [[ ${SHELL_ENGINE} == "zsh" ]] ; then
     emulate ksh
@@ -877,4 +878,4 @@ install_cleanup() {
   unset install_cleanup
 }
 
-install_main $*
+install_main ${*}

diff --git a/build/scripts/package.sh b/build/scripts/package.sh
index 6446488a11facdf87d9e70804dea12c6cb8fab69..3ec93d34edf883d96b08426b3485cb05b2b98d44 100644 (file)
--- a/build/scripts/package.sh
+++ b/build/scripts/package.sh
@@ -12,6 +12,7 @@
 #
 
 package_main() {
+  local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
 
   if [[ ${SHELL_ENGINE} == "zsh" ]] ; then
     emulate ksh
@@ -2438,4 +2439,4 @@ package_cleanup() {
   unset package_cleanup
 }
 
-package_main $*
+package_main ${*}

diff --git a/build/scripts/test.sh b/build/scripts/test.sh
index 8e36de6ba3762b93950149c177bbf8a60107a96c..99b9ea0c56c7d28395a3df0834192588da9ad883 100644 (file)
--- a/build/scripts/test.sh
+++ b/build/scripts/test.sh
@@ -14,6 +14,8 @@
 #
 
 test_main() {
+  local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
   local shell_command=bash
 
   if [[ ${SHELL_ENGINE} == "zsh" ]] ; then
@@ -1127,4 +1129,4 @@ test_cleanup() {
   unset test_cleanup
 }
 
-test_main $*
+test_main ${*}

diff --git a/level_3/controller/data/settings/controller/example/cgroup/rules/program/chromium.rule b/level_3/controller/data/settings/controller/example/cgroup/rules/program/chromium.rule
index f332b7057dad7f6ad2e898a64ac476f8346fbaf2..38d455ceb47ab29a97a457f9775bb65bd48d69f0 100644 (file)
--- a/level_3/controller/data/settings/controller/example/cgroup/rules/program/chromium.rule
+++ b/level_3/controller/data/settings/controller/example/cgroup/rules/program/chromium.rule
@@ -13,15 +13,21 @@ settings:
 
 script:
   start {
-    if [[ $(xhost | grep '^SI:localuser:some_user$') == "" ]] ; then
-      xhost SI:localuser:some_user
-    fi
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
 
-    if [[ $DISPLAY == "" ]] ; then
-      export DISPLAY=:0.0
-    fi
+      if [[ $(xhost | grep '^SI:localuser:some_user$') == "" ]] ; then
+        xhost SI:localuser:some_user
+      fi
 
-    export WEBKIT_DISABLE_COMPOSITING_MODE=1
+      if [[ $DISPLAY == "" ]] ; then
+        export DISPLAY=:0.0
+      fi
+
+      export WEBKIT_DISABLE_COMPOSITING_MODE=1
+    \}
+
+    main ${*}
   }
 
 command:

diff --git a/level_3/controller/data/settings/controller/example/cgroup/rules/program/falkon.rule b/level_3/controller/data/settings/controller/example/cgroup/rules/program/falkon.rule
index f7458c5361edab650cbe82af902e3c40e81fe831..94bd242a65a97806a19f8d15b7ee904fca48fbb9 100644 (file)
--- a/level_3/controller/data/settings/controller/example/cgroup/rules/program/falkon.rule
+++ b/level_3/controller/data/settings/controller/example/cgroup/rules/program/falkon.rule
@@ -13,13 +13,19 @@ settings:
 
 script:
   start {
-    if [[ $(xhost | grep '^SI:localuser:some_user$') == "" ]] ; then
-      xhost SI:localuser:some_user
-    fi
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
 
-    if [[ $DISPLAY == "" ]] ; then
-      export DISPLAY=:0.0
-    fi
+      if [[ $(xhost | grep '^SI:localuser:some_user$') == "" ]] ; then
+        xhost SI:localuser:some_user
+      fi
+
+      if [[ $DISPLAY == "" ]] ; then
+        export DISPLAY=:0.0
+      fi
+    \}
+
+    main ${*}
   }
 
 command:

diff --git a/level_3/controller/data/settings/controller/example/cgroup/rules/program/firefox.rule b/level_3/controller/data/settings/controller/example/cgroup/rules/program/firefox.rule
index 196d6d06c87a545d010d89be0834827f7fa4830b..9f36b697f9e5ff0ae86d979439d978dc493f139d 100644 (file)
--- a/level_3/controller/data/settings/controller/example/cgroup/rules/program/firefox.rule
+++ b/level_3/controller/data/settings/controller/example/cgroup/rules/program/firefox.rule
@@ -13,13 +13,19 @@ settings:
 
 script:
   start {
-    if [[ $(xhost | grep '^SI:localuser:some_user$') == "" ]] ; then
-      xhost SI:localuser:some_user
-    fi
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
 
-    if [[ $DISPLAY == "" ]] ; then
-      export DISPLAY=:0.0
-    fi
+      if [[ $(xhost | grep '^SI:localuser:some_user$') == "" ]] ; then
+        xhost SI:localuser:some_user
+      fi
+
+      if [[ $DISPLAY == "" ]] ; then
+        export DISPLAY=:0.0
+      fi
+    \}
+
+    main ${*}
   }
 
 command:

diff --git a/level_3/controller/data/settings/controller/example/cgroup/rules/program/terminator.rule b/level_3/controller/data/settings/controller/example/cgroup/rules/program/terminator.rule
index 79f373e46d542366db38effc4a485c0747ef7be6..d1ea68ca32ec1925ab71607105b8f9851479f722 100644 (file)
--- a/level_3/controller/data/settings/controller/example/cgroup/rules/program/terminator.rule
+++ b/level_3/controller/data/settings/controller/example/cgroup/rules/program/terminator.rule
@@ -13,13 +13,19 @@ settings:
 
 script:
   start {
-    if [[ $(xhost | grep '^SI:localuser:some_user$') == "" ]] ; then
-      xhost SI:localuser:some_user
-    fi
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
 
-    if [[ $DISPLAY == "" ]] ; then
-      export DISPLAY=:0.0
-    fi
+      if [[ $(xhost | grep '^SI:localuser:some_user$') == "" ]] ; then
+        xhost SI:localuser:some_user
+      fi
+
+      if [[ $DISPLAY == "" ]] ; then
+        export DISPLAY=:0.0
+      fi
+    \}
+
+    main ${*}
   }
 
 command:

diff --git a/level_3/controller/data/settings/controller/example/cgroup/rules/setup/cgroups.rule b/level_3/controller/data/settings/controller/example/cgroup/rules/setup/cgroups.rule
index b86e1cee668abc01aa31885e8cd0c46459619d2b..426ddc350227a21ddfbca22983ef0fd4476368a5 100644 (file)
--- a/level_3/controller/data/settings/controller/example/cgroup/rules/setup/cgroups.rule
+++ b/level_3/controller/data/settings/controller/example/cgroup/rules/setup/cgroups.rule
@@ -16,6 +16,8 @@ script:
 
   start {
     main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
       # Example PATH containing the FLL programs at a custom isolated directory.
       PATH=/usr/local/fll/programs/shared/:$PATH
 

diff --git a/level_3/controller/data/settings/controller/example/rules/command/multiple.rule b/level_3/controller/data/settings/controller/example/rules/command/multiple.rule
index 8b3fd73147d23d93db97b367cdf1061778f7e337..32ff117b0ef7ed39b263aab691679a8247410161 100644 (file)
--- a/level_3/controller/data/settings/controller/example/rules/command/multiple.rule
+++ b/level_3/controller/data/settings/controller/example/rules/command/multiple.rule
@@ -19,20 +19,32 @@ settings:
 
 script:
   start {
-    echo
-    echo "Current ulimit is"
-    ulimit -a
-    sleep 5
-
-    echo
-    echo "Current cgroup for self (PPID $PPID, PID $$) is: '$(cat /proc/self/cgroup)'"
-    sleep 5
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
+      echo
+      echo "Current ulimit is"
+      ulimit -a
+      sleep 5
+
+      echo
+      echo "Current cgroup for self (PPID $PPID, PID $$) is: '$(cat /proc/self/cgroup)'"
+      sleep 5
+    \}
+
+    main ${*}
   }
 
 command:
   start {
-    id
-    sleep 5
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
+      id
+      sleep 5
+    \}
+
+    main ${*}
   }
 
 script:

diff --git a/level_3/controller/data/settings/controller/example/rules/environment/default.rule b/level_3/controller/data/settings/controller/example/rules/environment/default.rule
index 4efe7e42e807cdfdd3af263a5b1437b0ea95ee34..dffe66be7dee6f0dda5f84542f04aa012e143f31 100644 (file)
--- a/level_3/controller/data/settings/controller/example/rules/environment/default.rule
+++ b/level_3/controller/data/settings/controller/example/rules/environment/default.rule
@@ -9,10 +9,16 @@ settings:
 
 script:
   start {
-    echo
-    echo "==================================="
-    echo "Environment using default settings."
-    echo "==================================="
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
 
-    env
+      echo
+      echo "==================================="
+      echo "Environment using default settings."
+      echo "==================================="
+
+      env
+    \}
+
+    main ${*}
   }

diff --git a/level_3/controller/data/settings/controller/example/rules/environment/empty.rule b/level_3/controller/data/settings/controller/example/rules/environment/empty.rule
index c0411873208fc39fd2c4743cef90514ecd795b0d..fdb479430d03f95a4081d52fe5b9e32eec70ff76 100644 (file)
--- a/level_3/controller/data/settings/controller/example/rules/environment/empty.rule
+++ b/level_3/controller/data/settings/controller/example/rules/environment/empty.rule
@@ -10,10 +10,16 @@ settings:
 
 script:
   start {
-    echo
-    echo "============================="
-    echo "Environment allowing nothing."
-    echo "============================="
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
 
-    env
+      echo
+      echo "============================="
+      echo "Environment allowing nothing."
+      echo "============================="
+
+      env
+    \}
+
+    main ${*}
   }

diff --git a/level_3/controller/data/settings/controller/example/rules/environment/exported.rule b/level_3/controller/data/settings/controller/example/rules/environment/exported.rule
index d8c204fdaa1bee0381dd82d739425cc0a0695d36..a7e626babea4952da7815d8d73d78db260bc2c0b 100644 (file)
--- a/level_3/controller/data/settings/controller/example/rules/environment/exported.rule
+++ b/level_3/controller/data/settings/controller/example/rules/environment/exported.rule
@@ -10,10 +10,16 @@ settings:
 
 script:
   start {
-    echo
-    echo "=========================="
-    echo "Environment allowing PATH."
-    echo "=========================="
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
 
-    env
+      echo
+      echo "=========================="
+      echo "Environment allowing PATH."
+      echo "=========================="
+
+      env
+    \}
+
+    main ${*}
   }

diff --git a/level_3/controller/data/settings/controller/example/rules/environment/exporting.rule b/level_3/controller/data/settings/controller/example/rules/environment/exporting.rule
index d2b3dadf0c588d9c0fa62a7a2a8b3df9dd651914..5b4cd9b8056a2eed27a697741fc2a9005b93a3cc 100644 (file)
--- a/level_3/controller/data/settings/controller/example/rules/environment/exporting.rule
+++ b/level_3/controller/data/settings/controller/example/rules/environment/exporting.rule
@@ -10,15 +10,21 @@ settings:
 
 script:
   start {
-    echo
-    echo "================================="
-    echo "Exported Environment is isolated."
-    echo "================================="
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
 
-    export custom_variable="is not retained"
-    echo "export custom_variable='$custom_variable'"
-    echo
-    echo "Now for 'env' command:"
+      echo
+      echo "================================="
+      echo "Exported Environment is isolated."
+      echo "================================="
+
+      export custom_variable="is not retained"
+      echo "export custom_variable='$custom_variable'"
+      echo
+      echo "Now for 'env' command:"
+    \}
+
+    main ${*}
   }
 
 command:

diff --git a/level_3/controller/data/settings/controller/example/rules/maintenance/boom.rule b/level_3/controller/data/settings/controller/example/rules/maintenance/boom.rule
index 727850672b1319d7bdecfc23d4075e36121660e7..4a4fa8dba6f1724fdc6ad1d9090ed1ffb144b73d 100644 (file)
--- a/level_3/controller/data/settings/controller/example/rules/maintenance/boom.rule
+++ b/level_3/controller/data/settings/controller/example/rules/maintenance/boom.rule
@@ -6,6 +6,12 @@ settings:
 
 script:
   start {
-    echo "kaboooom!"
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
+      echo "kaboooom!"
+    \}
+
+    main ${*}
   }
 

diff --git a/level_3/controller/data/settings/controller/example/rules/script/create_socket_path.rule b/level_3/controller/data/settings/controller/example/rules/script/create_socket_path.rule
index 796b3669450f2f876cbc85db2c9d50acc10707e2..5b3b210f5a5fd976723b6aeccde947b064013e74 100644 (file)
--- a/level_3/controller/data/settings/controller/example/rules/script/create_socket_path.rule
+++ b/level_3/controller/data/settings/controller/example/rules/script/create_socket_path.rule
@@ -8,7 +8,13 @@ settings:
 
 script:
   start {
-    if [[ ! -d "parameter:"socket"" ]] ; then
-      mkdir parameter:"verbose" -p parameter:"socket"
-    fi
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
+      if [[ ! -d "parameter:"socket"" ]] ; then
+        mkdir parameter:"verbose" -p parameter:"socket"
+      fi
+    \}
+
+    main ${*}
   }

diff --git a/level_3/controller/data/settings/controller/example/rules/script/fail.rule b/level_3/controller/data/settings/controller/example/rules/script/fail.rule
index dd77b4138d50b4796c0c82225846d4178bf5cec2..536b4e54c9e7708d8b09ba6de34456e23deb1aa1 100644 (file)
--- a/level_3/controller/data/settings/controller/example/rules/script/fail.rule
+++ b/level_3/controller/data/settings/controller/example/rules/script/fail.rule
@@ -7,8 +7,12 @@ settings:
 script:
   start {
     \#!/bin/bash
+
     my_function() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
       echo "Hello this is the last script, it should trigger failure."
+
       return 1;
     \}
 

diff --git a/level_3/controller/data/settings/controller/example/rules/script/iki.rule b/level_3/controller/data/settings/controller/example/rules/script/iki.rule
index c4519182f95f2832df6596cc1b9b3cf875735eba..6f34ddbcf59af1487cfb0920f69501ce56c41b23 100644 (file)
--- a/level_3/controller/data/settings/controller/example/rules/script/iki.rule
+++ b/level_3/controller/data/settings/controller/example/rules/script/iki.rule
@@ -9,22 +9,29 @@ settings:
 script:
   start {
     \#!/bin/bash
-    echo "====================================="
-    env
-    echo "====================================="
-    echo "IKI Path is 'define:"PATH"'"
-    echo "IKI define IKI_TEST 'define:"IKI_TEST"'"
-    echo "ENV IKI_TEST '$IKI_TEST'"
-    echo "Some Parameter is 'parameter:"some"'"
-    echo "Unknown parameter is: 'parameter:"unknown"'"
-    echo "Unknown environment is: 'define:"unknown"'"
-    echo "Unavailable environment via IKI: 'define:"USER"'"
-    echo "Unavailable environment via ENV: '$USER'"
-    echo "Program parameter verbose: 'program:"verbose"'"
-    echo "Program parameter verbose(option): 'program:"verbose:option"'"
-    echo "Program parameter verbose(value): 'program:"verbose:value"'"
-    echo "Program parameter PID: 'program:"pid"'"
-    echo "Program parameter PID(option): 'program:"pid:option"'"
-    echo "Program parameter PID(value): 'program:"pid:value"'"
-    echo "====================================="
+
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
+      echo "====================================="
+      env
+      echo "====================================="
+      echo "IKI Path is 'define:"PATH"'"
+      echo "IKI define IKI_TEST 'define:"IKI_TEST"'"
+      echo "ENV IKI_TEST '$IKI_TEST'"
+      echo "Some Parameter is 'parameter:"some"'"
+      echo "Unknown parameter is: 'parameter:"unknown"'"
+      echo "Unknown environment is: 'define:"unknown"'"
+      echo "Unavailable environment via IKI: 'define:"USER"'"
+      echo "Unavailable environment via ENV: '$USER'"
+      echo "Program parameter verbose: 'program:"verbose"'"
+      echo "Program parameter verbose(option): 'program:"verbose:option"'"
+      echo "Program parameter verbose(value): 'program:"verbose:value"'"
+      echo "Program parameter PID: 'program:"pid"'"
+      echo "Program parameter PID(option): 'program:"pid:option"'"
+      echo "Program parameter PID(value): 'program:"pid:value"'"
+      echo "====================================="
+    \}
+
+    main ${*}
   }

diff --git a/level_3/controller/data/settings/controller/example/rules/serial/s_1.rule b/level_3/controller/data/settings/controller/example/rules/serial/s_1.rule
index bb84e2da7e54b57ac06c86bfe4efba19bd6bac85..a66184611b6973724da3644699ba8000a8a5d41e 100644 (file)
--- a/level_3/controller/data/settings/controller/example/rules/serial/s_1.rule
+++ b/level_3/controller/data/settings/controller/example/rules/serial/s_1.rule
@@ -6,13 +6,25 @@ settings:
 
 script:
   start {
-    echo "Serial 1: sleeping $(date -u)"
-    sleep 1
-    echo "Serial 1: slept    $(date -u)"
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
+      echo "Serial 1: sleeping $(date -u)"
+      sleep 1
+      echo "Serial 1: slept    $(date -u)"
+    \}
+
+    main ${*}
   }
 
   stop {
-    echo "Serial 1: stopping, sleeping $(date -u)"
-    sleep 1
-    echo "Serial 1: stopping, slept    $(date -u)"
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
+      echo "Serial 1: stopping, sleeping $(date -u)"
+      sleep 1
+      echo "Serial 1: stopping, slept    $(date -u)"
+    \}
+
+    main ${*}
   }

diff --git a/level_3/controller/data/settings/controller/example/rules/serial/s_2.rule b/level_3/controller/data/settings/controller/example/rules/serial/s_2.rule
index 5496172566324cd5f7ed2187e880900d6a933887..afb7392e306db24ee2608bc646a8e12a191469df 100644 (file)
--- a/level_3/controller/data/settings/controller/example/rules/serial/s_2.rule
+++ b/level_3/controller/data/settings/controller/example/rules/serial/s_2.rule
@@ -7,13 +7,25 @@ settings:
 
 script:
   start {
-    echo "Serial 2: sleeping $(date -u)"
-    sleep 1
-    echo "Serial 2: slept    $(date -u)"
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
+      echo "Serial 2: sleeping $(date -u)"
+      sleep 1
+      echo "Serial 2: slept    $(date -u)"
+    \}
+
+    main ${*}
   }
 
   stop {
-    echo "Serial 2: stopping, sleeping $(date -u)"
-    sleep 1
-    echo "Serial 2: stopping, slept    $(date -u)"
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
+      echo "Serial 2: stopping, sleeping $(date -u)"
+      sleep 1
+      echo "Serial 2: stopping, slept    $(date -u)"
+    \}
+
+    main ${*}
   }

diff --git a/level_3/controller/data/settings/controller/example/rules/serial/s_3.rule b/level_3/controller/data/settings/controller/example/rules/serial/s_3.rule
index fee1d889ff152f0f92dddd451b3ef9ae41a0c3bb..bc17f589d222ed8419a94d8274efa65b211fe1bf 100644 (file)
--- a/level_3/controller/data/settings/controller/example/rules/serial/s_3.rule
+++ b/level_3/controller/data/settings/controller/example/rules/serial/s_3.rule
@@ -7,13 +7,25 @@ settings:
 
 script:
   start {
-    echo "Serial 3: sleeping $(date -u)"
-    sleep 1
-    echo "Serial 3: slept    $(date -u)"
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
+      echo "Serial 3: sleeping $(date -u)"
+      sleep 1
+      echo "Serial 3: slept    $(date -u)"
+    \}
+
+    main ${*}
   }
 
   stop {
-    echo "Serial 3: stopping, sleeping $(date -u)"
-    sleep 1
-    echo "Serial 3: stopping, slept    $(date -u)"
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
+      echo "Serial 3: stopping, sleeping $(date -u)"
+      sleep 1
+      echo "Serial 3: stopping, slept    $(date -u)"
+    \}
+
+    main ${*}
   }

diff --git a/level_3/controller/data/settings/controller/example/rules/serial/s_4.rule b/level_3/controller/data/settings/controller/example/rules/serial/s_4.rule
index ff7040f55d1b585be62968204a5e9b4f52f5683d..b144dcc8d8a8a86988af90af4213fec076e8b82d 100644 (file)
--- a/level_3/controller/data/settings/controller/example/rules/serial/s_4.rule
+++ b/level_3/controller/data/settings/controller/example/rules/serial/s_4.rule
@@ -7,13 +7,25 @@ settings:
 
 script:
   start {
-    echo "Serial 4: sleeping $(date -u)"
-    sleep 1
-    echo "Serial 4: slept    $(date -u)"
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
+      echo "Serial 4: sleeping $(date -u)"
+      sleep 1
+      echo "Serial 4: slept    $(date -u)"
+    \}
+
+    main ${*}
   }
 
   stop {
-    echo "Serial 4: stopping, sleeping $(date -u)"
-    sleep 1
-    echo "Serial 4: stopping, slept    $(date -u)"
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
+      echo "Serial 4: stopping, sleeping $(date -u)"
+      sleep 1
+      echo "Serial 4: stopping, slept    $(date -u)"
+    \}
+
+    main ${*}
   }

diff --git a/level_3/controller/data/settings/controller/example/rules/serial/s_5.rule b/level_3/controller/data/settings/controller/example/rules/serial/s_5.rule
index 11c7c6cba5f90986d198a11cb3fcb3c4553a7f9e..60b4a3129da4313eea617fa75002075a7a593701 100644 (file)
--- a/level_3/controller/data/settings/controller/example/rules/serial/s_5.rule
+++ b/level_3/controller/data/settings/controller/example/rules/serial/s_5.rule
@@ -7,13 +7,25 @@ settings:
 
 script:
   start {
-    echo "Serial 5: sleeping $(date -u)"
-    sleep 1
-    echo "Serial 5: slept    $(date -u)"
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
+      echo "Serial 5: sleeping $(date -u)"
+      sleep 1
+      echo "Serial 5: slept    $(date -u)"
+    \}
+
+    main ${*}
   }
 
   stop {
-    echo "Serial 5: stopping, sleeping $(date -u)"
-    sleep 1
-    echo "Serial 5: stopping, slept    $(date -u)"
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
+      echo "Serial 5: stopping, sleeping $(date -u)"
+      sleep 1
+      echo "Serial 5: stopping, slept    $(date -u)"
+    \}
+
+    main ${*}
   }

diff --git a/level_3/controller/data/settings/controller/example/rules/serial/s_6.rule b/level_3/controller/data/settings/controller/example/rules/serial/s_6.rule
index 4eba10d3cc861504060634c5844d8c59ed23319d..c6d971a98b8efc94abf8982e16b0deb02cbeb0c0 100644 (file)
--- a/level_3/controller/data/settings/controller/example/rules/serial/s_6.rule
+++ b/level_3/controller/data/settings/controller/example/rules/serial/s_6.rule
@@ -6,13 +6,25 @@ settings:
 
 script:
   start {
-    echo "Serial 6: sleeping $(date -u)"
-    sleep 1
-    echo "Serial 6: slept    $(date -u)"
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
+      echo "Serial 6: sleeping $(date -u)"
+      sleep 1
+      echo "Serial 6: slept    $(date -u)"
+    \}
+
+    main ${*}
   }
 
   stop {
-    echo "Serial 6: stopping, sleeping $(date -u)"
-    sleep 1
-    echo "Serial 6: stopping, slept    $(date -u)"
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
+      echo "Serial 6: stopping, sleeping $(date -u)"
+      sleep 1
+      echo "Serial 6: stopping, slept    $(date -u)"
+    \}
+
+    main ${*}
   }

diff --git a/level_3/controller/data/settings/controller/example/rules/utility/sleeper_1.rule b/level_3/controller/data/settings/controller/example/rules/utility/sleeper_1.rule
index 9aafe871967b87fbb29fe92234b432c9dbd23bc4..3c89a7e93bbe60ab6d88de6600bf5e710e1a87fd 100644 (file)
--- a/level_3/controller/data/settings/controller/example/rules/utility/sleeper_1.rule
+++ b/level_3/controller/data/settings/controller/example/rules/utility/sleeper_1.rule
@@ -11,6 +11,8 @@ utility:
     \#!/bin/bash
 
     main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
       if [[ -f /tmp/sleeper_1.pid ]] ; then
         echo "Failure: pid file '/tmp/sleeper_1.pid' already exists."
         return 1
@@ -23,8 +25,9 @@ utility:
 
       echo "Sleeper 1, done sleeping."
       rm -f /tmp/sleeper_1.pid
+
       return 0
     \}
 
-    main &
+    main ${*} &
   }

diff --git a/level_3/controller/data/settings/controller/example/rules/utility/sleeper_2.rule b/level_3/controller/data/settings/controller/example/rules/utility/sleeper_2.rule
index 2bc5cfc269c9a507ebc89b7532d8d44aa1c4668b..a1d150eff4c672ae1d1d208b1ed839bdf57d3642 100644 (file)
--- a/level_3/controller/data/settings/controller/example/rules/utility/sleeper_2.rule
+++ b/level_3/controller/data/settings/controller/example/rules/utility/sleeper_2.rule
@@ -11,6 +11,8 @@ utility:
     \#!/bin/bash
 
     main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
       if [[ -f /tmp/sleeper_2.pid ]] ; then
         echo "Failure: pid file '/tmp/sleeper_2.pid' already exists."
         return 1
@@ -23,8 +25,9 @@ utility:
 
       echo "Sleeper 2, done sleeping."
       rm -f /tmp/sleeper_2.pid
+
       return 0
     \}
 
-    main &
+    main ${*} &
   }

diff --git a/level_3/controller/data/settings/controller/example/rules/utility/sleeper_3.rule b/level_3/controller/data/settings/controller/example/rules/utility/sleeper_3.rule
index 07ba570138a5f92dd36572d0b6444e95fde1de7f..3f80997a12705a0e94500a3b68d7d2b821b3b89d 100644 (file)
--- a/level_3/controller/data/settings/controller/example/rules/utility/sleeper_3.rule
+++ b/level_3/controller/data/settings/controller/example/rules/utility/sleeper_3.rule
@@ -11,6 +11,8 @@ utility:
     \#!/bin/bash
 
     main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
       if [[ -f /tmp/sleeper_3.1.pid ]] ; then
         echo "Failure: pid file '/tmp/sleeper_3.1.pid' already exists."
         return 1
@@ -26,7 +28,7 @@ utility:
       return 0
     \}
 
-    main &
+    main ${*} &
   }
 
 utility:
@@ -35,6 +37,8 @@ utility:
     \#!/bin/bash
 
     main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
       if [[ -f /tmp/sleeper_3.2.pid ]] ; then
         echo "Failure: pid file '/tmp/sleeper_3.2.pid' already exists."
         return 1
@@ -47,8 +51,9 @@ utility:
 
       echo "Sleeper 3.2, done sleeping."
       rm -f /tmp/sleeper_3.2.pid
+
       return 0
     \}
 
-    main &
+    main ${*} &
   }

diff --git a/level_3/controller/data/settings/controller/rules/boot/devices.rule b/level_3/controller/data/settings/controller/rules/boot/devices.rule
index 61d3038aa016cb0f964e3fea47457a7dad1e6883..f7a841856a2be91a398f4f44ccbad94aba0680ca 100644 (file)
--- a/level_3/controller/data/settings/controller/rules/boot/devices.rule
+++ b/level_3/controller/data/settings/controller/rules/boot/devices.rule
@@ -14,15 +14,21 @@ settings:
 
 script:
   start {
-    if [[ ! -d /dev/pts ]] ; then
-      mkdir /dev/pts
-    fi
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
 
-    if [[ ! -d /dev/shm ]] ; then
-      mkdir /dev/shm
-    fi
+      if [[ ! -d /dev/pts ]] ; then
+        mkdir /dev/pts
+      fi
 
-    exit 0
+      if [[ ! -d /dev/shm ]] ; then
+        mkdir /dev/shm
+      fi
+
+      return 0
+    \}
+
+    main ${*}
   }
 
 command:

diff --git a/level_3/controller/data/settings/controller/rules/boot/file_system.rule b/level_3/controller/data/settings/controller/rules/boot/file_system.rule
index 41e6932b40ee86e6e5605d54102e0d6fbae6ffaf..fb763fe14f851be75959a5fac851bc0bcb2910a2 100644 (file)
--- a/level_3/controller/data/settings/controller/rules/boot/file_system.rule
+++ b/level_3/controller/data/settings/controller/rules/boot/file_system.rule
@@ -23,7 +23,13 @@ command:
 
 script:
   start {
-    if [[ ! -d /var/run/init ]] ; then
-      mkdir /var/run/init
-    fi
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
+      if [[ ! -d /var/run/init ]] ; then
+        mkdir /var/run/init
+      fi
+    \}
+
+    main ${*}
   }

diff --git a/level_3/controller/data/settings/controller/rules/boot/modules.rule b/level_3/controller/data/settings/controller/rules/boot/modules.rule
index 5572d90e50484767692c766b9181a17dc0617b06..eb0c88cd955f4ebf285da1566d4568214c50e2c5 100644 (file)
--- a/level_3/controller/data/settings/controller/rules/boot/modules.rule
+++ b/level_3/controller/data/settings/controller/rules/boot/modules.rule
@@ -12,17 +12,23 @@ settings:
 
 script:
   start {
-    if [[ ! -f /proc/modules ]] ; then
-      exit 0
-    fi
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
 
-    if [[ -d /modules ]] ; then
-      if [[ ! -e /modules/$(uname -r)/modules.dep ]] ; then
-        depmod
-      else
-        depmod -A
+      if [[ ! -f /proc/modules ]] ; then
+        exit 0
       fi
-    fi
 
-    exit 0
+      if [[ -d /modules ]] ; then
+        if [[ ! -e /modules/$(uname -r)/modules.dep ]] ; then
+          depmod
+        else
+          depmod -A
+        fi
+      fi
+
+      return 0
+    \}
+
+    main ${*}
   }

diff --git a/level_3/controller/data/settings/controller/rules/boot/proc.rule b/level_3/controller/data/settings/controller/rules/boot/proc.rule
index acb9fa5487968027a747047a575b6498ab041e94..28b605f44be22b98a7ee2e70b98063c5d9cce529 100644 (file)
--- a/level_3/controller/data/settings/controller/rules/boot/proc.rule
+++ b/level_3/controller/data/settings/controller/rules/boot/proc.rule
@@ -13,17 +13,29 @@ command:
 
 script:
   start {
-    if [[ -d /proc/bus/usb ]] ; then
-      mount /proc/bus/usb
-    fi
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
 
-    exit 0
+      if [[ -d /proc/bus/usb ]] ; then
+        mount /proc/bus/usb
+      fi
+
+      return 0
+    \}
+
+    main ${*}
   }
 
   stop {
-    if [[ -d /proc/bus/usb ]] ; then
-      umount -l /proc/bus/usb
-    fi
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
+      if [[ -d /proc/bus/usb ]] ; then
+        umount -l /proc/bus/usb
+      fi
+
+      return 0
+    \}
 
-    exit 0
+    main ${*}
   }

diff --git a/level_3/controller/data/settings/controller/rules/boot/root.rule b/level_3/controller/data/settings/controller/rules/boot/root.rule
index 5f3abf6c200ae830552581df2a95a8bb8f96d446..bfc95c69e7361a66d439a78281c37b65e9bc2f83 100644 (file)
--- a/level_3/controller/data/settings/controller/rules/boot/root.rule
+++ b/level_3/controller/data/settings/controller/rules/boot/root.rule
@@ -11,57 +11,63 @@ command:
 
 script:
   start {
-    if [[ ! -d /dev ]] ; then
-      mkdir /dev
-    fi
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
 
-    if [[ ! -d /dev/pts ]] ; then
-      mkdir /dev/pts
-    fi
+      if [[ ! -d /dev ]] ; then
+        mkdir /dev
+      fi
 
-    if [[ ! -d /dev/shm ]] ; then
-      mkdir /dev/shm
-    fi
+      if [[ ! -d /dev/pts ]] ; then
+        mkdir /dev/pts
+      fi
 
-    if [[ ! -d /firmware ]] ; then
-      mkdir /firmware
-    fi
+      if [[ ! -d /dev/shm ]] ; then
+        mkdir /dev/shm
+      fi
 
-    if [[ ! -d /mnt ]] ; then
-      mkdir /mnt
-    fi
+      if [[ ! -d /firmware ]] ; then
+        mkdir /firmware
+      fi
 
-    if [[ ! -d /modules ]] ; then
-      mkdir /modules
-    fi
+      if [[ ! -d /mnt ]] ; then
+        mkdir /mnt
+      fi
 
-    if [[ ! -d /proc ]] ; then
-      mkdir /proc
-    fi
+      if [[ ! -d /modules ]] ; then
+        mkdir /modules
+      fi
 
-    if [[ ! -d /sys ]] ; then
-      mkdir /sys
-    fi
+      if [[ ! -d /proc ]] ; then
+        mkdir /proc
+      fi
 
-    if [[ ! -d /tmp ]] ; then
-      mkdir /tmp
-    fi
+      if [[ ! -d /sys ]] ; then
+        mkdir /sys
+      fi
 
-    if [[ ! -d /var ]] ; then
-      mkdir /var
-    fi
+      if [[ ! -d /tmp ]] ; then
+        mkdir /tmp
+      fi
 
-    if [[ ! -d /var/log ]] ; then
-      mkdir /var/log
-    fi
+      if [[ ! -d /var ]] ; then
+        mkdir /var
+      fi
 
-    if [[ ! -d /var/run ]] ; then
-      mkdir /var/run
-    fi
+      if [[ ! -d /var/log ]] ; then
+        mkdir /var/log
+      fi
 
-    if [[ ! -d /var/tmp ]] ; then
-      mkdir /var/tmp
-    fi
+      if [[ ! -d /var/run ]] ; then
+        mkdir /var/run
+      fi
 
-    exit 0
+      if [[ ! -d /var/tmp ]] ; then
+        mkdir /var/tmp
+      fi
+
+      return 0
+    \}
+
+    main ${*}
   }

diff --git a/level_3/controller/data/settings/controller/rules/net/loopback.rule b/level_3/controller/data/settings/controller/rules/net/loopback.rule
index 9377cddb0fcce4657136479601ef25e238eaa477..1ac8841f263c214977ea7701bffe957a9e68df99 100644 (file)
--- a/level_3/controller/data/settings/controller/rules/net/loopback.rule
+++ b/level_3/controller/data/settings/controller/rules/net/loopback.rule
@@ -10,10 +10,22 @@ settings:
 
 script:
   start {
-    ip addr add 127.0.0.1/8 label lo dev lo
-    ip link set lo up
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
+      ip addr add 127.0.0.1/8 label lo dev lo
+      ip link set lo up
+    \}
+
+    main ${*}
   }
 
   stop {
-    ip link set lo down
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
+      ip link set lo down
+    \}
+
+    main ${*}
   }

diff --git a/level_3/controller/data/settings/controller/rules/service/mouse.rule b/level_3/controller/data/settings/controller/rules/service/mouse.rule
index ad970954d2202fda46eed5f1afea3ff40cf5f0aa..ecfcb3822fbd504e49ca71a3be0e3c2975647f59 100644 (file)
--- a/level_3/controller/data/settings/controller/rules/service/mouse.rule
+++ b/level_3/controller/data/settings/controller/rules/service/mouse.rule
@@ -10,10 +10,16 @@ settings:
 
 script:
   start {
-    # This works if gpm service is run as root, but if not then this should be in a separate rule file with appropriate access to write to /var/run (don't forget to chown!).
-    if [[ ! -d /var/run/mouse/ && -d /var/run ]] ; then
-      mkdir /var/run/mouse/
-    fi
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
+      # This works if gpm service is run as root, but if not then this should be in a separate rule file with appropriate access to write to /var/run (don't forget to chown!).
+      if [[ ! -d /var/run/mouse/ && -d /var/run ]] ; then
+        mkdir /var/run/mouse/
+      fi
+    \}
+
+    main ${*}
   }
 
 service:

diff --git a/level_3/controller/data/settings/controller/rules/task/clock.rule b/level_3/controller/data/settings/controller/rules/task/clock.rule
index 663f15992ece7cd217be3d7c372e511ebf1f9fe3..615dbcc2e00abd73685a7da6ab435a044fdc5f59 100644 (file)
--- a/level_3/controller/data/settings/controller/rules/task/clock.rule
+++ b/level_3/controller/data/settings/controller/rules/task/clock.rule
@@ -13,27 +13,33 @@ settings:
 
 script:
   start {
-    clock_file=/etc/clock
-    clock_mode=
-    clock_server=
-    clock_ntpdate=
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
 
-    if [[ -f $clock_file ]] ; then
-      clock_mode=$(fss_basic_read -can 0 mode $clock_file);
-      clock_server=$(fss_basic_read -can 0 server $clock_file)
-      clock_ntpdate=$(fss_basic_read -can 0 ntpdate $clock_file)
-    fi
+      clock_file=/etc/clock
+      clock_mode=
+      clock_server=
+      clock_ntpdate=
 
-    if [[ $clock_mode == "local" ]] ; then
-      hwclock --hctosys;
-    elif [[ $clock_mode == "ntp"  ]] ; then
-      if [[ $clock_ntpdate == "yes" ]] ; then
-        ntpdate $clock_server &&
-        hwclock --systohc --utc
+      if [[ -f $clock_file ]] ; then
+        clock_mode=$(fss_basic_read -can 0 mode $clock_file);
+        clock_server=$(fss_basic_read -can 0 server $clock_file)
+        clock_ntpdate=$(fss_basic_read -can 0 ntpdate $clock_file)
       fi
-    elif [[ $clock_mode == "ntpdate" && $clock_host != "" ]] ; then
-      ntpdate $clock_server
-    elif [[ $clock_mode == "utc" ]] ; then
-      hwclock --hctosys --utc;
-    fi
+
+      if [[ $clock_mode == "local" ]] ; then
+        hwclock --hctosys;
+      elif [[ $clock_mode == "ntp"  ]] ; then
+        if [[ $clock_ntpdate == "yes" ]] ; then
+          ntpdate $clock_server &&
+          hwclock --systohc --utc
+        fi
+      elif [[ $clock_mode == "ntpdate" && $clock_host != "" ]] ; then
+        ntpdate $clock_server
+      elif [[ $clock_mode == "utc" ]] ; then
+        hwclock --hctosys --utc;
+      fi
+    \}
+
+    main ${*}
   }

diff --git a/level_3/controller/data/settings/controller/rules/task/ntpdate.rule b/level_3/controller/data/settings/controller/rules/task/ntpdate.rule
index 5956114a40859ac5ef6c3a6cb5b869775f7caf19..9f7da58f4501f89eee25da26ae028485dd698eaa 100644 (file)
--- a/level_3/controller/data/settings/controller/rules/task/ntpdate.rule
+++ b/level_3/controller/data/settings/controller/rules/task/ntpdate.rule
@@ -13,16 +13,22 @@ settings:
 
 script:
   start {
-    clock_file=/etc/clock
-    clock_mode=
-    clock_server=
+    main() {
+      local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
 
-    if [[ -f $clock_file ]] ; then
-      clock_mode=$(fss_basic_read -can 0 mode $clock_file);
-      clock_server=$(fss_basic_read -can 0 server $clock_file)
-    fi
+      clock_file=/etc/clock
+      clock_mode=
+      clock_server=
 
-    if [[ $clock_mode == "ntpdate" && $clock_host != "" ]] ; then
-      ntpdate $clock_server
-    fi
+      if [[ -f $clock_file ]] ; then
+        clock_mode=$(fss_basic_read -can 0 mode $clock_file);
+        clock_server=$(fss_basic_read -can 0 server $clock_file)
+      fi
+
+      if [[ $clock_mode == "ntpdate" && $clock_host != "" ]] ; then
+        ntpdate $clock_server
+      fi
+    \}
+
+    main ${*}
   }

diff --git a/level_3/fake/data/build/process_post.sh b/level_3/fake/data/build/process_post.sh
index 4415b4829b6635a9bb7778193e71a26dd360a750..286beffa91ec701bc4f74e1eb5f4626774a79ded 100755 (executable)
--- a/level_3/fake/data/build/process_post.sh
+++ b/level_3/fake/data/build/process_post.sh
@@ -8,6 +8,8 @@
 # The dependencies of this script are: bash and sed.
 #
 process_post_main() {
+  local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
   local grab_next=
   local do_color=dark
   local i=0

diff --git a/level_3/fake/data/build/process_pre.sh b/level_3/fake/data/build/process_pre.sh
index 51da85a2665bcb4db1a416907b577a2fe4147862..0eb3b56f45dbff5dbd6ba8a136bbb344ea04289d 100755 (executable)
--- a/level_3/fake/data/build/process_pre.sh
+++ b/level_3/fake/data/build/process_pre.sh
@@ -8,6 +8,8 @@
 # The dependencies of this script are: bash and sed.
 #
 process_pre_main() {
+  local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
   local grab_next=
   local do_color=dark
   local i=0

diff --git a/level_3/fake/data/projects/go/example_go/data/build/process_post.sh b/level_3/fake/data/projects/go/example_go/data/build/process_post.sh
index 05a7907cf5a4a5927d09b1e964aae97a096908f6..a5fc4d84e061b5bd3edab3d492f8bd4d212c6cae 100755 (executable)
--- a/level_3/fake/data/projects/go/example_go/data/build/process_post.sh
+++ b/level_3/fake/data/projects/go/example_go/data/build/process_post.sh
@@ -1,2 +1,8 @@
 #!/bin/bash
 
+main() {
+  local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
+}
+
+main ${*}

diff --git a/level_3/fake/data/projects/go/example_go/data/build/process_pre.sh b/level_3/fake/data/projects/go/example_go/data/build/process_pre.sh
index 05a7907cf5a4a5927d09b1e964aae97a096908f6..a5fc4d84e061b5bd3edab3d492f8bd4d212c6cae 100755 (executable)
--- a/level_3/fake/data/projects/go/example_go/data/build/process_pre.sh
+++ b/level_3/fake/data/projects/go/example_go/data/build/process_pre.sh
@@ -1,2 +1,8 @@
 #!/bin/bash
 
+main() {
+  local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
+}
+
+main ${*}

diff --git a/level_3/fss_basic_list_read/tests/runtime/script/generate.sh b/level_3/fss_basic_list_read/tests/runtime/script/generate.sh
index c3686ce3a3f454441315e6a1b00673939d054473..f790f6998860308eb11cfb39954c97a197b92dbc 100644 (file)
--- a/level_3/fss_basic_list_read/tests/runtime/script/generate.sh
+++ b/level_3/fss_basic_list_read/tests/runtime/script/generate.sh
@@ -13,6 +13,8 @@
 #
 
 generate_main() {
+  local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
   local file_source="${2}"
   local path_destination="${3}"
   local failure=0

diff --git a/level_3/fss_basic_list_read/tests/runtime/script/verify.sh b/level_3/fss_basic_list_read/tests/runtime/script/verify.sh
index cdae794c1c68dd10c8e80174bb11bee504177b2f..9a5d6b21e287e35b3e50dec530e998f13bd82d21 100644 (file)
--- a/level_3/fss_basic_list_read/tests/runtime/script/verify.sh
+++ b/level_3/fss_basic_list_read/tests/runtime/script/verify.sh
@@ -10,6 +10,8 @@
 #
 
 verify_main() {
+  local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
   local path_build="${1}"
   local path_expect="${2}"
   local test_name="${3}"

diff --git a/level_3/fss_basic_read/tests/runtime/script/generate.sh b/level_3/fss_basic_read/tests/runtime/script/generate.sh
index c64366141e5943bdf9422b91388c48b884397691..fa84a3808205256591fee586ef52357011e685bd 100644 (file)
--- a/level_3/fss_basic_read/tests/runtime/script/generate.sh
+++ b/level_3/fss_basic_read/tests/runtime/script/generate.sh
@@ -11,6 +11,8 @@
 #
 
 generate_main() {
+  local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
   local file_source="${2}"
   local path_destination="${3}"
   local failure=0

diff --git a/level_3/fss_basic_read/tests/runtime/script/verify.sh b/level_3/fss_basic_read/tests/runtime/script/verify.sh
index cdae794c1c68dd10c8e80174bb11bee504177b2f..9a5d6b21e287e35b3e50dec530e998f13bd82d21 100644 (file)
--- a/level_3/fss_basic_read/tests/runtime/script/verify.sh
+++ b/level_3/fss_basic_read/tests/runtime/script/verify.sh
@@ -10,6 +10,8 @@
 #
 
 verify_main() {
+  local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
   local path_build="${1}"
   local path_expect="${2}"
   local test_name="${3}"

diff --git a/level_3/fss_embedded_list_read/tests/runtime/script/generate.sh b/level_3/fss_embedded_list_read/tests/runtime/script/generate.sh
index 10d51ae8510a46362640599a5af4af70fad2f651..3e6c4fe9caeaed8652298393ff8ccbffa9f36b66 100644 (file)
--- a/level_3/fss_embedded_list_read/tests/runtime/script/generate.sh
+++ b/level_3/fss_embedded_list_read/tests/runtime/script/generate.sh
@@ -13,6 +13,8 @@
 #
 
 generate_main() {
+  local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
   local file_source="${2}"
   local path_destination="${3}"
   local failure=0

diff --git a/level_3/fss_embedded_list_read/tests/runtime/script/verify.sh b/level_3/fss_embedded_list_read/tests/runtime/script/verify.sh
index cdae794c1c68dd10c8e80174bb11bee504177b2f..9a5d6b21e287e35b3e50dec530e998f13bd82d21 100644 (file)
--- a/level_3/fss_embedded_list_read/tests/runtime/script/verify.sh
+++ b/level_3/fss_embedded_list_read/tests/runtime/script/verify.sh
@@ -10,6 +10,8 @@
 #
 
 verify_main() {
+  local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
   local path_build="${1}"
   local path_expect="${2}"
   local test_name="${3}"

diff --git a/level_3/fss_extended_list_read/tests/runtime/script/generate.sh b/level_3/fss_extended_list_read/tests/runtime/script/generate.sh
index f65d358562dcc29f12b4d2e398f23e3bc9684c57..8bc0c148fad96aba07fb0b34736213e0e7201630 100644 (file)
--- a/level_3/fss_extended_list_read/tests/runtime/script/generate.sh
+++ b/level_3/fss_extended_list_read/tests/runtime/script/generate.sh
@@ -13,6 +13,8 @@
 #
 
 generate_main() {
+  local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
   local file_source="${2}"
   local path_destination="${3}"
   local failure=0

diff --git a/level_3/fss_extended_list_read/tests/runtime/script/verify.sh b/level_3/fss_extended_list_read/tests/runtime/script/verify.sh
index cdae794c1c68dd10c8e80174bb11bee504177b2f..9a5d6b21e287e35b3e50dec530e998f13bd82d21 100644 (file)
--- a/level_3/fss_extended_list_read/tests/runtime/script/verify.sh
+++ b/level_3/fss_extended_list_read/tests/runtime/script/verify.sh
@@ -10,6 +10,8 @@
 #
 
 verify_main() {
+  local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
   local path_build="${1}"
   local path_expect="${2}"
   local test_name="${3}"

diff --git a/level_3/fss_extended_read/tests/runtime/script/generate.sh b/level_3/fss_extended_read/tests/runtime/script/generate.sh
index f58f6b7ef431b06543a0aa27ddcdde2d27562f51..f26964edbc3f01db5e0591220d045754f600562e 100644 (file)
--- a/level_3/fss_extended_read/tests/runtime/script/generate.sh
+++ b/level_3/fss_extended_read/tests/runtime/script/generate.sh
@@ -13,6 +13,8 @@
 #
 
 generate_main() {
+  local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
   local file_source="${2}"
   local path_destination="${3}"
   local failure=0

diff --git a/level_3/fss_extended_read/tests/runtime/script/verify.sh b/level_3/fss_extended_read/tests/runtime/script/verify.sh
index cdae794c1c68dd10c8e80174bb11bee504177b2f..9a5d6b21e287e35b3e50dec530e998f13bd82d21 100644 (file)
--- a/level_3/fss_extended_read/tests/runtime/script/verify.sh
+++ b/level_3/fss_extended_read/tests/runtime/script/verify.sh
@@ -10,6 +10,8 @@
 #
 
 verify_main() {
+  local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
   local path_build="${1}"
   local path_expect="${2}"
   local test_name="${3}"

diff --git a/level_3/fss_payload_read/tests/runtime/script/generate.sh b/level_3/fss_payload_read/tests/runtime/script/generate.sh
index 5d6c3958d77678e5c9c93416ed42ec24062f576d..0b1e79e97459ef633d4418113fd9c55e33fdedd8 100644 (file)
--- a/level_3/fss_payload_read/tests/runtime/script/generate.sh
+++ b/level_3/fss_payload_read/tests/runtime/script/generate.sh
@@ -13,6 +13,8 @@
 #
 
 generate_main() {
+  local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
   local file_source="${2}"
   local path_destination="${3}"
   local failure=0

diff --git a/level_3/fss_payload_read/tests/runtime/script/verify.sh b/level_3/fss_payload_read/tests/runtime/script/verify.sh
index cdae794c1c68dd10c8e80174bb11bee504177b2f..9a5d6b21e287e35b3e50dec530e998f13bd82d21 100644 (file)
--- a/level_3/fss_payload_read/tests/runtime/script/verify.sh
+++ b/level_3/fss_payload_read/tests/runtime/script/verify.sh
@@ -10,6 +10,8 @@
 #
 
 verify_main() {
+  local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
   local path_build="${1}"
   local path_expect="${2}"
   local test_name="${3}"

diff --git a/level_3/iki_read/tests/runtime/script/generate.sh b/level_3/iki_read/tests/runtime/script/generate.sh
index f5903338259098c7c2e8bc67769d234e03316a4a..f800a7c73339c287228c871677b88133d8cb93ab 100644 (file)
--- a/level_3/iki_read/tests/runtime/script/generate.sh
+++ b/level_3/iki_read/tests/runtime/script/generate.sh
@@ -11,6 +11,8 @@
 #
 
 generate_main() {
+  local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
   local file_source="${2}"
   local path_destination="${3}"
   local failure=0

diff --git a/level_3/iki_read/tests/runtime/script/verify.sh b/level_3/iki_read/tests/runtime/script/verify.sh
index cdae794c1c68dd10c8e80174bb11bee504177b2f..9a5d6b21e287e35b3e50dec530e998f13bd82d21 100644 (file)
--- a/level_3/iki_read/tests/runtime/script/verify.sh
+++ b/level_3/iki_read/tests/runtime/script/verify.sh
@@ -10,6 +10,8 @@
 #
 
 verify_main() {
+  local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
   local path_build="${1}"
   local path_expect="${2}"
   local test_name="${3}"