From 805ed8743d881ab11ad81bd4f29aa7bc4e118ae4 Mon Sep 17 00:00:00 2001 
From: Kevin Day Date: Thu, 5 Jun 2025 21:01:52 -0500 Subject: [PATCH] Security: Explicitly define IFS to prevent misuse. The scripts are written with certain expectations. This expectation may not be properly met if the `IFS` value is changed. This can potentially be used to create some sort of exploit. Explicitly define IFS and then do so at a local variable scope to prevent affecting the callers IFS setting. --- build/scripts/bootstrap-example.sh | 2 + build/scripts/bootstrap.sh | 3 +- build/scripts/generate_codepoints_from_digits.sh | 2 + build/scripts/generate_ctags.sh | 3 +- build/scripts/generate_unicode.sh | 2 + build/scripts/install.sh | 3 +- build/scripts/package.sh | 3 +- build/scripts/test.sh | 4 +- .../example/cgroup/rules/program/chromium.rule | 20 +++-- .../example/cgroup/rules/program/falkon.rule | 18 +++-- .../example/cgroup/rules/program/firefox.rule | 18 +++-- .../example/cgroup/rules/program/terminator.rule | 18 +++-- .../example/cgroup/rules/setup/cgroups.rule | 2 + .../controller/example/rules/command/multiple.rule | 32 +++++--- .../example/rules/environment/default.rule | 16 ++-- .../example/rules/environment/empty.rule | 16 ++-- .../example/rules/environment/exported.rule | 16 ++-- .../example/rules/environment/exporting.rule | 22 ++++-- .../controller/example/rules/maintenance/boom.rule | 8 +- .../example/rules/script/create_socket_path.rule | 12 ++- .../controller/example/rules/script/fail.rule | 4 + .../controller/example/rules/script/iki.rule | 43 ++++++----- .../controller/example/rules/serial/s_1.rule | 24 ++++-- .../controller/example/rules/serial/s_2.rule | 24 ++++-- .../controller/example/rules/serial/s_3.rule | 24 ++++-- .../controller/example/rules/serial/s_4.rule | 24 ++++-- .../controller/example/rules/serial/s_5.rule | 24 ++++-- .../controller/example/rules/serial/s_6.rule | 24 ++++-- .../example/rules/utility/sleeper_1.rule | 5 +- .../example/rules/utility/sleeper_2.rule | 5 +- .../example/rules/utility/sleeper_3.rule | 9 ++- 
.../settings/controller/rules/boot/devices.rule | 20 +++-- .../controller/rules/boot/file_system.rule | 12 ++- .../settings/controller/rules/boot/modules.rule | 26 ++++--- .../data/settings/controller/rules/boot/proc.rule | 28 +++++-- .../data/settings/controller/rules/boot/root.rule | 86 ++++++++++++---------- .../settings/controller/rules/net/loopback.rule | 18 ++++- .../settings/controller/rules/service/mouse.rule | 14 +++- .../data/settings/controller/rules/task/clock.rule | 46 +++++++----- .../settings/controller/rules/task/ntpdate.rule | 26 ++++--- level_3/fake/data/build/process_post.sh | 2 + level_3/fake/data/build/process_pre.sh | 2 + .../go/example_go/data/build/process_post.sh | 6 ++ .../go/example_go/data/build/process_pre.sh | 6 ++ .../tests/runtime/script/generate.sh | 2 + .../tests/runtime/script/verify.sh | 2 + .../tests/runtime/script/generate.sh | 2 + .../fss_basic_read/tests/runtime/script/verify.sh | 2 + .../tests/runtime/script/generate.sh | 2 + .../tests/runtime/script/verify.sh | 2 + .../tests/runtime/script/generate.sh | 2 + .../tests/runtime/script/verify.sh | 2 + .../tests/runtime/script/generate.sh | 2 + .../tests/runtime/script/verify.sh | 2 + .../tests/runtime/script/generate.sh | 2 + .../tests/runtime/script/verify.sh | 2 + level_3/iki_read/tests/runtime/script/generate.sh | 2 + level_3/iki_read/tests/runtime/script/verify.sh | 2 + 58 files changed, 520 insertions(+), 230 deletions(-) diff --git a/build/scripts/bootstrap-example.sh b/build/scripts/bootstrap-example.sh index ce4b44e..282d986 100644 --- a/build/scripts/bootstrap-example.sh +++ b/build/scripts/bootstrap-example.sh @@ -42,6 +42,8 @@ # main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + if [[ ${SHELL_ENGINE} == "zsh" ]] ; then emulate ksh fi diff --git a/build/scripts/bootstrap.sh b/build/scripts/bootstrap.sh index eedaadc..8219279 100644 --- a/build/scripts/bootstrap.sh +++ b/build/scripts/bootstrap.sh 
@@ -13,6 +13,7 @@ # bootstrap_main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. if [[ ${SHELL_ENGINE} == "zsh" ]] ; then emulate ksh @@ -3035,4 +3036,4 @@ bootstrap_cleanup() { unset bootstrap_cleanup } -bootstrap_main $* +bootstrap_main ${*} diff --git a/build/scripts/generate_codepoints_from_digits.sh b/build/scripts/generate_codepoints_from_digits.sh index 1bc3410..fe7d3a4 100644 --- a/build/scripts/generate_codepoints_from_digits.sh +++ b/build/scripts/generate_codepoints_from_digits.sh @@ -9,6 +9,8 @@ # main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + local -i first="$1" local -i last="$2" diff --git a/build/scripts/generate_ctags.sh b/build/scripts/generate_ctags.sh index 5d1e8a6..c07d81a 100644 --- a/build/scripts/generate_ctags.sh +++ b/build/scripts/generate_ctags.sh @@ -10,6 +10,7 @@ # main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. if [[ ${SHELL_ENGINE} == "zsh" ]] ; then emulate ksh @@ -290,4 +291,4 @@ generate_ctags_cleanup() { unset generate_ctags_cleanup } -main $* +main ${*} diff --git a/build/scripts/generate_unicode.sh b/build/scripts/generate_unicode.sh index 9815ff1..b339669 100644 --- a/build/scripts/generate_unicode.sh +++ b/build/scripts/generate_unicode.sh @@ -11,6 +11,8 @@ # main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + local file_input="codes.txt" local mode=$1 local code= diff --git a/build/scripts/install.sh b/build/scripts/install.sh index 2c7f978..e0cf853 100644 --- a/build/scripts/install.sh +++ b/build/scripts/install.sh @@ -14,6 +14,7 @@ # install_main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. if [[ ${SHELL_ENGINE} == "zsh" ]] ; then emulate ksh @@ -877,4 +878,4 @@ install_cleanup() { unset install_cleanup } -install_main $* +install_main ${*} diff --git a/build/scripts/package.sh b/build/scripts/package.sh index 6446488..3ec93d3 100644 
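Review bot: The call `bootstrap_main ${*}` at the end of bootstrap.sh is still an unquoted expansion, so the arguments are re-split and glob-expanded at top level, outside the function where the new `local IFS` takes effect; whatever IFS is in force there (for instance if the file is sourced) decides how they are split. Adding braces around `*` does not change that. `bootstrap_main "$@"` passes each argument through unchanged and does not depend on IFS at all. The same pattern is in generate_ctags.sh, install.sh, package.sh and test.sh, and as `main ${*}` in the rule scripts. The cleanup functions these hunks sit in start outside the hunk.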
--- a/build/scripts/package.sh +++ b/build/scripts/package.sh @@ -12,6 +12,7 @@ # package_main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. if [[ ${SHELL_ENGINE} == "zsh" ]] ; then emulate ksh @@ -2438,4 +2439,4 @@ package_cleanup() { unset package_cleanup } -package_main $* +package_main ${*} diff --git a/build/scripts/test.sh b/build/scripts/test.sh index 8e36de6..99b9ea0 100644 --- a/build/scripts/test.sh +++ b/build/scripts/test.sh @@ -14,6 +14,8 @@ # test_main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + local shell_command=bash if [[ ${SHELL_ENGINE} == "zsh" ]] ; then @@ -1127,4 +1129,4 @@ test_cleanup() { unset test_cleanup } -test_main $* +test_main ${*} diff --git a/level_3/controller/data/settings/controller/example/cgroup/rules/program/chromium.rule b/level_3/controller/data/settings/controller/example/cgroup/rules/program/chromium.rule index f332b70..38d455c 100644 --- a/level_3/controller/data/settings/controller/example/cgroup/rules/program/chromium.rule +++ b/level_3/controller/data/settings/controller/example/cgroup/rules/program/chromium.rule @@ -13,15 +13,21 @@ settings: script: start { - if [[ $(xhost | grep '^SI:localuser:some_user$') == "" ]] ; then - xhost SI:localuser:some_user - fi + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. - if [[ $DISPLAY == "" ]] ; then - export DISPLAY=:0.0 - fi + if [[ $(xhost | grep '^SI:localuser:some_user$') == "" ]] ; then + xhost SI:localuser:some_user + fi - export WEBKIT_DISABLE_COMPOSITING_MODE=1 + if [[ $DISPLAY == "" ]] ; then + export DISPLAY=:0.0 + fi + + export WEBKIT_DISABLE_COMPOSITING_MODE=1 + \} + + main ${*} } command: diff --git a/level_3/controller/data/settings/controller/example/cgroup/rules/program/falkon.rule b/level_3/controller/data/settings/controller/example/cgroup/rules/program/falkon.rule index f7458c5..94bd242 100644 
--- a/level_3/controller/data/settings/controller/example/cgroup/rules/program/falkon.rule +++ b/level_3/controller/data/settings/controller/example/cgroup/rules/program/falkon.rule @@ -13,13 +13,19 @@ settings: script: start { - if [[ $(xhost | grep '^SI:localuser:some_user$') == "" ]] ; then - xhost SI:localuser:some_user - fi + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. - if [[ $DISPLAY == "" ]] ; then - export DISPLAY=:0.0 - fi + if [[ $(xhost | grep '^SI:localuser:some_user$') == "" ]] ; then + xhost SI:localuser:some_user + fi + + if [[ $DISPLAY == "" ]] ; then + export DISPLAY=:0.0 + fi + \} + + main ${*} } command: diff --git a/level_3/controller/data/settings/controller/example/cgroup/rules/program/firefox.rule b/level_3/controller/data/settings/controller/example/cgroup/rules/program/firefox.rule index 196d6d0..9f36b69 100644 --- a/level_3/controller/data/settings/controller/example/cgroup/rules/program/firefox.rule +++ b/level_3/controller/data/settings/controller/example/cgroup/rules/program/firefox.rule @@ -13,13 +13,19 @@ settings: script: start { - if [[ $(xhost | grep '^SI:localuser:some_user$') == "" ]] ; then - xhost SI:localuser:some_user - fi + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. - if [[ $DISPLAY == "" ]] ; then - export DISPLAY=:0.0 - fi + if [[ $(xhost | grep '^SI:localuser:some_user$') == "" ]] ; then + xhost SI:localuser:some_user + fi + + if [[ $DISPLAY == "" ]] ; then + export DISPLAY=:0.0 + fi + \} + + main ${*} } command: diff --git a/level_3/controller/data/settings/controller/example/cgroup/rules/program/terminator.rule b/level_3/controller/data/settings/controller/example/cgroup/rules/program/terminator.rule index 79f373e..d1ea68c 100644 --- a/level_3/controller/data/settings/controller/example/cgroup/rules/program/terminator.rule +++ b/level_3/controller/data/settings/controller/example/cgroup/rules/program/terminator.rule 
@@ -13,13 +13,19 @@ settings: script: start { - if [[ $(xhost | grep '^SI:localuser:some_user$') == "" ]] ; then - xhost SI:localuser:some_user - fi + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. - if [[ $DISPLAY == "" ]] ; then - export DISPLAY=:0.0 - fi + if [[ $(xhost | grep '^SI:localuser:some_user$') == "" ]] ; then + xhost SI:localuser:some_user + fi + + if [[ $DISPLAY == "" ]] ; then + export DISPLAY=:0.0 + fi + \} + + main ${*} } command: diff --git a/level_3/controller/data/settings/controller/example/cgroup/rules/setup/cgroups.rule b/level_3/controller/data/settings/controller/example/cgroup/rules/setup/cgroups.rule index b86e1ce..426ddc3 100644 --- a/level_3/controller/data/settings/controller/example/cgroup/rules/setup/cgroups.rule +++ b/level_3/controller/data/settings/controller/example/cgroup/rules/setup/cgroups.rule @@ -16,6 +16,8 @@ script: start { main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + # Example PATH containing the FLL programs at a custom isolated directory. PATH=/usr/local/fll/programs/shared/:$PATH diff --git a/level_3/controller/data/settings/controller/example/rules/command/multiple.rule b/level_3/controller/data/settings/controller/example/rules/command/multiple.rule index 8b3fd73..32ff117 100644 --- a/level_3/controller/data/settings/controller/example/rules/command/multiple.rule +++ b/level_3/controller/data/settings/controller/example/rules/command/multiple.rule 
@@ -19,20 +19,32 @@ settings: script: start { - echo - echo "Current ulimit is" - ulimit -a - sleep 5 - - echo - echo "Current cgroup for self (PPID $PPID, PID $$) is: '$(cat /proc/self/cgroup)'" - sleep 5 + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + + echo + echo "Current ulimit is" + ulimit -a + sleep 5 + + echo + echo "Current cgroup for self (PPID $PPID, PID $$) is: '$(cat /proc/self/cgroup)'" + sleep 5 + \} + + main ${*} } command: start { - id - sleep 5 + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + + id + sleep 5 + \} + + main ${*} } script: diff --git a/level_3/controller/data/settings/controller/example/rules/environment/default.rule b/level_3/controller/data/settings/controller/example/rules/environment/default.rule index 4efe7e4..dffe66b 100644 --- a/level_3/controller/data/settings/controller/example/rules/environment/default.rule +++ b/level_3/controller/data/settings/controller/example/rules/environment/default.rule @@ -9,10 +9,16 @@ settings: script: start { - echo - echo "===================================" - echo "Environment using default settings." - echo "===================================" + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. - env + echo + echo "===================================" + echo "Environment using default settings." + echo "===================================" + + env + \} + + main ${*} } diff --git a/level_3/controller/data/settings/controller/example/rules/environment/empty.rule b/level_3/controller/data/settings/controller/example/rules/environment/empty.rule index c041187..fdb4794 100644 --- a/level_3/controller/data/settings/controller/example/rules/environment/empty.rule +++ b/level_3/controller/data/settings/controller/example/rules/environment/empty.rule 
@@ -10,10 +10,16 @@ settings: script: start { - echo - echo "=============================" - echo "Environment allowing nothing." - echo "=============================" + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. - env + echo + echo "=============================" + echo "Environment allowing nothing." + echo "=============================" + + env + \} + + main ${*} } diff --git a/level_3/controller/data/settings/controller/example/rules/environment/exported.rule b/level_3/controller/data/settings/controller/example/rules/environment/exported.rule index d8c204f..a7e626b 100644 --- a/level_3/controller/data/settings/controller/example/rules/environment/exported.rule +++ b/level_3/controller/data/settings/controller/example/rules/environment/exported.rule @@ -10,10 +10,16 @@ settings: script: start { - echo - echo "==========================" - echo "Environment allowing PATH." - echo "==========================" + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. - env + echo + echo "==========================" + echo "Environment allowing PATH." + echo "==========================" + + env + \} + + main ${*} } diff --git a/level_3/controller/data/settings/controller/example/rules/environment/exporting.rule b/level_3/controller/data/settings/controller/example/rules/environment/exporting.rule index d2b3dad..5b4cd9b 100644 --- a/level_3/controller/data/settings/controller/example/rules/environment/exporting.rule +++ b/level_3/controller/data/settings/controller/example/rules/environment/exporting.rule 
@@ -10,15 +10,21 @@ settings: script: start { - echo - echo "=================================" - echo "Exported Environment is isolated." - echo "=================================" + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. - export custom_variable="is not retained" - echo "export custom_variable='$custom_variable'" - echo - echo "Now for 'env' command:" + echo + echo "=================================" + echo "Exported Environment is isolated." + echo "=================================" + + export custom_variable="is not retained" + echo "export custom_variable='$custom_variable'" + echo + echo "Now for 'env' command:" + \} + + main ${*} } command: diff --git a/level_3/controller/data/settings/controller/example/rules/maintenance/boom.rule b/level_3/controller/data/settings/controller/example/rules/maintenance/boom.rule index 7278506..4a4fa8d 100644 --- a/level_3/controller/data/settings/controller/example/rules/maintenance/boom.rule +++ b/level_3/controller/data/settings/controller/example/rules/maintenance/boom.rule @@ -6,6 +6,12 @@ settings: script: start { - echo "kaboooom!" + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + + echo "kaboooom!" + \} + + main ${*} } diff --git a/level_3/controller/data/settings/controller/example/rules/script/create_socket_path.rule b/level_3/controller/data/settings/controller/example/rules/script/create_socket_path.rule index 796b366..5b3b210 100644 --- a/level_3/controller/data/settings/controller/example/rules/script/create_socket_path.rule +++ b/level_3/controller/data/settings/controller/example/rules/script/create_socket_path.rule 
@@ -8,7 +8,13 @@ settings: script: start { - if [[ ! -d "parameter:"socket"" ]] ; then - mkdir parameter:"verbose" -p parameter:"socket" - fi + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + + if [[ ! -d "parameter:"socket"" ]] ; then + mkdir parameter:"verbose" -p parameter:"socket" + fi + \} + + main ${*} } diff --git a/level_3/controller/data/settings/controller/example/rules/script/fail.rule b/level_3/controller/data/settings/controller/example/rules/script/fail.rule index dd77b41..536b4e5 100644 --- a/level_3/controller/data/settings/controller/example/rules/script/fail.rule +++ b/level_3/controller/data/settings/controller/example/rules/script/fail.rule @@ -7,8 +7,12 @@ settings: script: start { \#!/bin/bash + my_function() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + echo "Hello this is the last script, it should trigger failure." + return 1; \} diff --git a/level_3/controller/data/settings/controller/example/rules/script/iki.rule b/level_3/controller/data/settings/controller/example/rules/script/iki.rule index c451918..6f34ddb 100644 --- a/level_3/controller/data/settings/controller/example/rules/script/iki.rule +++ b/level_3/controller/data/settings/controller/example/rules/script/iki.rule 
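Review bot: In create_socket_path.rule the `-d` test quotes the substituted socket path but the `mkdir` call does not, so a path containing whitespace or glob characters would be tested as one name and created as several. Resetting IFS inside `main` does not help here, because space, tab and newline are exactly the separators being restored. Assuming the controller substitutes `parameter:"socket"` as text before the shell runs, I would write `mkdir parameter:"verbose" -p -- "parameter:"socket""`, leaving `parameter:"verbose"` unquoted so an empty value does not become an empty argument.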
@@ -9,22 +9,29 @@ settings: script: start { \#!/bin/bash - echo "=====================================" - env - echo "=====================================" - echo "IKI Path is 'define:"PATH"'" - echo "IKI define IKI_TEST 'define:"IKI_TEST"'" - echo "ENV IKI_TEST '$IKI_TEST'" - echo "Some Parameter is 'parameter:"some"'" - echo "Unknown parameter is: 'parameter:"unknown"'" - echo "Unknown environment is: 'define:"unknown"'" - echo "Unavailable environment via IKI: 'define:"USER"'" - echo "Unavailable environment via ENV: '$USER'" - echo "Program parameter verbose: 'program:"verbose"'" - echo "Program parameter verbose(option): 'program:"verbose:option"'" - echo "Program parameter verbose(value): 'program:"verbose:value"'" - echo "Program parameter PID: 'program:"pid"'" - echo "Program parameter PID(option): 'program:"pid:option"'" - echo "Program parameter PID(value): 'program:"pid:value"'" - echo "=====================================" + + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + + echo "=====================================" + env + echo "=====================================" + echo "IKI Path is 'define:"PATH"'" + echo "IKI define IKI_TEST 'define:"IKI_TEST"'" + echo "ENV IKI_TEST '$IKI_TEST'" + echo "Some Parameter is 'parameter:"some"'" + echo "Unknown parameter is: 'parameter:"unknown"'" + echo "Unknown environment is: 'define:"unknown"'" + echo "Unavailable environment via IKI: 'define:"USER"'" + echo "Unavailable environment via ENV: '$USER'" + echo "Program parameter verbose: 'program:"verbose"'" + echo "Program parameter verbose(option): 'program:"verbose:option"'" + echo "Program parameter verbose(value): 'program:"verbose:value"'" + echo "Program parameter PID: 'program:"pid"'" + echo "Program parameter PID(option): 'program:"pid:option"'" + echo "Program parameter PID(value): 'program:"pid:value"'" + echo "=====================================" + \} + + main ${*} } 
diff --git a/level_3/controller/data/settings/controller/example/rules/serial/s_1.rule b/level_3/controller/data/settings/controller/example/rules/serial/s_1.rule index bb84e2d..a661846 100644 --- a/level_3/controller/data/settings/controller/example/rules/serial/s_1.rule +++ b/level_3/controller/data/settings/controller/example/rules/serial/s_1.rule @@ -6,13 +6,25 @@ settings: script: start { - echo "Serial 1: sleeping $(date -u)" - sleep 1 - echo "Serial 1: slept $(date -u)" + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + + echo "Serial 1: sleeping $(date -u)" + sleep 1 + echo "Serial 1: slept $(date -u)" + \} + + main ${*} } stop { - echo "Serial 1: stopping, sleeping $(date -u)" - sleep 1 - echo "Serial 1: stopping, slept $(date -u)" + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + + echo "Serial 1: stopping, sleeping $(date -u)" + sleep 1 + echo "Serial 1: stopping, slept $(date -u)" + \} + + main ${*} } diff --git a/level_3/controller/data/settings/controller/example/rules/serial/s_2.rule b/level_3/controller/data/settings/controller/example/rules/serial/s_2.rule index 5496172..afb7392 100644 --- a/level_3/controller/data/settings/controller/example/rules/serial/s_2.rule +++ b/level_3/controller/data/settings/controller/example/rules/serial/s_2.rule 
@@ -7,13 +7,25 @@ settings: script: start { - echo "Serial 2: sleeping $(date -u)" - sleep 1 - echo "Serial 2: slept $(date -u)" + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + + echo "Serial 2: sleeping $(date -u)" + sleep 1 + echo "Serial 2: slept $(date -u)" + \} + + main ${*} } stop { - echo "Serial 2: stopping, sleeping $(date -u)" - sleep 1 - echo "Serial 2: stopping, slept $(date -u)" + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + + echo "Serial 2: stopping, sleeping $(date -u)" + sleep 1 + echo "Serial 2: stopping, slept $(date -u)" + \} + + main ${*} } diff --git a/level_3/controller/data/settings/controller/example/rules/serial/s_3.rule b/level_3/controller/data/settings/controller/example/rules/serial/s_3.rule index fee1d88..bc17f58 100644 --- a/level_3/controller/data/settings/controller/example/rules/serial/s_3.rule +++ b/level_3/controller/data/settings/controller/example/rules/serial/s_3.rule @@ -7,13 +7,25 @@ settings: script: start { - echo "Serial 3: sleeping $(date -u)" - sleep 1 - echo "Serial 3: slept $(date -u)" + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + + echo "Serial 3: sleeping $(date -u)" + sleep 1 + echo "Serial 3: slept $(date -u)" + \} + + main ${*} } stop { - echo "Serial 3: stopping, sleeping $(date -u)" - sleep 1 - echo "Serial 3: stopping, slept $(date -u)" + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + + echo "Serial 3: stopping, sleeping $(date -u)" + sleep 1 + echo "Serial 3: stopping, slept $(date -u)" + \} + + main ${*} } diff --git a/level_3/controller/data/settings/controller/example/rules/serial/s_4.rule b/level_3/controller/data/settings/controller/example/rules/serial/s_4.rule index ff7040f..b144dcc 100644 --- a/level_3/controller/data/settings/controller/example/rules/serial/s_4.rule 
+++ b/level_3/controller/data/settings/controller/example/rules/serial/s_4.rule @@ -7,13 +7,25 @@ settings: script: start { - echo "Serial 4: sleeping $(date -u)" - sleep 1 - echo "Serial 4: slept $(date -u)" + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + + echo "Serial 4: sleeping $(date -u)" + sleep 1 + echo "Serial 4: slept $(date -u)" + \} + + main ${*} } stop { - echo "Serial 4: stopping, sleeping $(date -u)" - sleep 1 - echo "Serial 4: stopping, slept $(date -u)" + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + + echo "Serial 4: stopping, sleeping $(date -u)" + sleep 1 + echo "Serial 4: stopping, slept $(date -u)" + \} + + main ${*} } diff --git a/level_3/controller/data/settings/controller/example/rules/serial/s_5.rule b/level_3/controller/data/settings/controller/example/rules/serial/s_5.rule index 11c7c6c..60b4a31 100644 --- a/level_3/controller/data/settings/controller/example/rules/serial/s_5.rule +++ b/level_3/controller/data/settings/controller/example/rules/serial/s_5.rule @@ -7,13 +7,25 @@ settings: script: start { - echo "Serial 5: sleeping $(date -u)" - sleep 1 - echo "Serial 5: slept $(date -u)" + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + + echo "Serial 5: sleeping $(date -u)" + sleep 1 + echo "Serial 5: slept $(date -u)" + \} + + main ${*} } stop { - echo "Serial 5: stopping, sleeping $(date -u)" - sleep 1 - echo "Serial 5: stopping, slept $(date -u)" + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + + echo "Serial 5: stopping, sleeping $(date -u)" + sleep 1 + echo "Serial 5: stopping, slept $(date -u)" + \} + + main ${*} } diff --git a/level_3/controller/data/settings/controller/example/rules/serial/s_6.rule b/level_3/controller/data/settings/controller/example/rules/serial/s_6.rule index 4eba10d..c6d971a 100644 
--- a/level_3/controller/data/settings/controller/example/rules/serial/s_6.rule +++ b/level_3/controller/data/settings/controller/example/rules/serial/s_6.rule @@ -6,13 +6,25 @@ settings: script: start { - echo "Serial 6: sleeping $(date -u)" - sleep 1 - echo "Serial 6: slept $(date -u)" + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + + echo "Serial 6: sleeping $(date -u)" + sleep 1 + echo "Serial 6: slept $(date -u)" + \} + + main ${*} } stop { - echo "Serial 6: stopping, sleeping $(date -u)" - sleep 1 - echo "Serial 6: stopping, slept $(date -u)" + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + + echo "Serial 6: stopping, sleeping $(date -u)" + sleep 1 + echo "Serial 6: stopping, slept $(date -u)" + \} + + main ${*} } diff --git a/level_3/controller/data/settings/controller/example/rules/utility/sleeper_1.rule b/level_3/controller/data/settings/controller/example/rules/utility/sleeper_1.rule index 9aafe87..3c89a7e 100644 --- a/level_3/controller/data/settings/controller/example/rules/utility/sleeper_1.rule +++ b/level_3/controller/data/settings/controller/example/rules/utility/sleeper_1.rule @@ -11,6 +11,8 @@ utility: \#!/bin/bash main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + if [[ -f /tmp/sleeper_1.pid ]] ; then echo "Failure: pid file '/tmp/sleeper_1.pid' already exists." return 1 @@ -23,8 +25,9 @@ utility: echo "Sleeper 1, done sleeping." rm -f /tmp/sleeper_1.pid + return 0 \} - main & + main ${*} & } diff --git a/level_3/controller/data/settings/controller/example/rules/utility/sleeper_2.rule b/level_3/controller/data/settings/controller/example/rules/utility/sleeper_2.rule index 2bc5cfc..a1d150e 100644 --- a/level_3/controller/data/settings/controller/example/rules/utility/sleeper_2.rule +++ b/level_3/controller/data/settings/controller/example/rules/utility/sleeper_2.rule 
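Review bot: sleeper_1.rule keeps its pid file at the fixed name `/tmp/sleeper_1.pid`, checked with `-f` at the top of `main` and removed with `rm -f` at the end, and the IFS change does not touch that. In a world-writable directory any local user can create that name first and make the rule fail, and the step that writes the file lies outside the hunk, so whether it can be redirected through a pre-placed link cannot be judged from here. Since these rules serve as examples that get copied, a comment such as `# Example only: use a directory writable only by the service for real pid files.` above the check would help; the same applies to sleeper_2.rule and sleeper_3.rule.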
@@ -11,6 +11,8 @@ utility: \#!/bin/bash main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + if [[ -f /tmp/sleeper_2.pid ]] ; then echo "Failure: pid file '/tmp/sleeper_2.pid' already exists." return 1 @@ -23,8 +25,9 @@ utility: echo "Sleeper 2, done sleeping." rm -f /tmp/sleeper_2.pid + return 0 \} - main & + main ${*} & } diff --git a/level_3/controller/data/settings/controller/example/rules/utility/sleeper_3.rule b/level_3/controller/data/settings/controller/example/rules/utility/sleeper_3.rule index 07ba570..3f80997 100644 --- a/level_3/controller/data/settings/controller/example/rules/utility/sleeper_3.rule +++ b/level_3/controller/data/settings/controller/example/rules/utility/sleeper_3.rule @@ -11,6 +11,8 @@ utility: \#!/bin/bash main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + if [[ -f /tmp/sleeper_3.1.pid ]] ; then echo "Failure: pid file '/tmp/sleeper_3.1.pid' already exists." return 1 @@ -26,7 +28,7 @@ utility: return 0 \} - main & + main ${*} & } utility: @@ -35,6 +37,8 @@ utility: \#!/bin/bash main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + if [[ -f /tmp/sleeper_3.2.pid ]] ; then echo "Failure: pid file '/tmp/sleeper_3.2.pid' already exists." return 1 @@ -47,8 +51,9 @@ utility: echo "Sleeper 3.2, done sleeping." rm -f /tmp/sleeper_3.2.pid + return 0 \} - main & + main ${*} & } diff --git a/level_3/controller/data/settings/controller/rules/boot/devices.rule b/level_3/controller/data/settings/controller/rules/boot/devices.rule index 61d3038..f7a8418 100644 --- a/level_3/controller/data/settings/controller/rules/boot/devices.rule +++ b/level_3/controller/data/settings/controller/rules/boot/devices.rule 
@@ -14,15 +14,21 @@ settings: script: start { - if [[ ! -d /dev/pts ]] ; then - mkdir /dev/pts - fi + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. - if [[ ! -d /dev/shm ]] ; then - mkdir /dev/shm - fi + if [[ ! -d /dev/pts ]] ; then + mkdir /dev/pts + fi - exit 0 + if [[ ! -d /dev/shm ]] ; then + mkdir /dev/shm + fi + + return 0 + \} + + main ${*} } command: diff --git a/level_3/controller/data/settings/controller/rules/boot/file_system.rule b/level_3/controller/data/settings/controller/rules/boot/file_system.rule index 41e6932..fb763fe 100644 --- a/level_3/controller/data/settings/controller/rules/boot/file_system.rule +++ b/level_3/controller/data/settings/controller/rules/boot/file_system.rule @@ -23,7 +23,13 @@ command: script: start { - if [[ ! -d /var/run/init ]] ; then - mkdir /var/run/init - fi + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + + if [[ ! -d /var/run/init ]] ; then + mkdir /var/run/init + fi + \} + + main ${*} } diff --git a/level_3/controller/data/settings/controller/rules/boot/modules.rule b/level_3/controller/data/settings/controller/rules/boot/modules.rule index 5572d90..eb0c88c 100644 --- a/level_3/controller/data/settings/controller/rules/boot/modules.rule +++ b/level_3/controller/data/settings/controller/rules/boot/modules.rule @@ -12,17 +12,23 @@ settings: script: start { - if [[ ! -f /proc/modules ]] ; then - exit 0 - fi + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. - if [[ -d /modules ]] ; then - if [[ ! -e /modules/$(uname -r)/modules.dep ]] ; then - depmod - else - depmod -A + if [[ ! -f /proc/modules ]] ; then + exit 0 fi - fi - exit 0 + if [[ -d /modules ]] ; then + if [[ ! -e /modules/$(uname -r)/modules.dep ]] ; then + depmod + else + depmod -A + fi + fi + + return 0 + \} + + main ${*} } 
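Review bot: In modules.rule the early exit for a missing /proc/modules is still `exit 0` inside the new `main()`, while the final `exit 0` of the same script became `return 0` and devices.rule was converted throughout. The two behave the same when the script runs as its own process, but `exit` inside a function ends the whole shell if the body is ever sourced, which appears to be the situation the commit message has in mind. For consistency that branch should read `return 0`.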
diff --git a/level_3/controller/data/settings/controller/rules/boot/proc.rule b/level_3/controller/data/settings/controller/rules/boot/proc.rule index acb9fa5..28b605f 100644 --- a/level_3/controller/data/settings/controller/rules/boot/proc.rule +++ b/level_3/controller/data/settings/controller/rules/boot/proc.rule @@ -13,17 +13,29 @@ command: script: start { - if [[ -d /proc/bus/usb ]] ; then - mount /proc/bus/usb - fi + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. - exit 0 + if [[ -d /proc/bus/usb ]] ; then + mount /proc/bus/usb + fi + + return 0 + \} + + main ${*} } stop { - if [[ -d /proc/bus/usb ]] ; then - umount -l /proc/bus/usb - fi + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + + if [[ -d /proc/bus/usb ]] ; then + umount -l /proc/bus/usb + fi + + return 0 + \} - exit 0 + main ${*} } diff --git a/level_3/controller/data/settings/controller/rules/boot/root.rule b/level_3/controller/data/settings/controller/rules/boot/root.rule index 5f3abf6..bfc95c6 100644 --- a/level_3/controller/data/settings/controller/rules/boot/root.rule +++ b/level_3/controller/data/settings/controller/rules/boot/root.rule 
@@ -11,57 +11,63 @@ command: script: start { - if [[ ! -d /dev ]] ; then - mkdir /dev - fi + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. - if [[ ! -d /dev/pts ]] ; then - mkdir /dev/pts - fi + if [[ ! -d /dev ]] ; then + mkdir /dev + fi - if [[ ! -d /dev/shm ]] ; then - mkdir /dev/shm - fi + if [[ ! -d /dev/pts ]] ; then + mkdir /dev/pts + fi - if [[ ! -d /firmware ]] ; then - mkdir /firmware - fi + if [[ ! -d /dev/shm ]] ; then + mkdir /dev/shm + fi - if [[ ! -d /mnt ]] ; then - mkdir /mnt - fi + if [[ ! -d /firmware ]] ; then + mkdir /firmware + fi - if [[ ! -d /modules ]] ; then - mkdir /modules - fi + if [[ ! -d /mnt ]] ; then + mkdir /mnt + fi - if [[ ! -d /proc ]] ; then - mkdir /proc - fi + if [[ ! -d /modules ]] ; then + mkdir /modules + fi - if [[ ! -d /sys ]] ; then - mkdir /sys - fi + if [[ ! -d /proc ]] ; then + mkdir /proc + fi - if [[ ! -d /tmp ]] ; then - mkdir /tmp - fi + if [[ ! -d /sys ]] ; then + mkdir /sys + fi - if [[ ! -d /var ]] ; then - mkdir /var - fi + if [[ ! -d /tmp ]] ; then + mkdir /tmp + fi - if [[ ! -d /var/log ]] ; then - mkdir /var/log - fi + if [[ ! -d /var ]] ; then + mkdir /var + fi - if [[ ! -d /var/run ]] ; then - mkdir /var/run - fi + if [[ ! -d /var/log ]] ; then + mkdir /var/log + fi - if [[ ! -d /var/tmp ]] ; then - mkdir /var/tmp - fi + if [[ ! -d /var/run ]] ; then + mkdir /var/run + fi - exit 0 + if [[ ! -d /var/tmp ]] ; then + mkdir /var/tmp + fi + + return 0 + \} + + main ${*} } diff --git a/level_3/controller/data/settings/controller/rules/net/loopback.rule b/level_3/controller/data/settings/controller/rules/net/loopback.rule index 9377cdd..1ac8841 100644 --- a/level_3/controller/data/settings/controller/rules/net/loopback.rule +++ b/level_3/controller/data/settings/controller/rules/net/loopback.rule 
@@ -10,10 +10,22 @@ settings: script: start { - ip addr add 127.0.0.1/8 label lo dev lo - ip link set lo up + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + + ip addr add 127.0.0.1/8 label lo dev lo + ip link set lo up + \} + + main ${*} } stop { - ip link set lo down + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + + ip link set lo down + \} + + main ${*} } diff --git a/level_3/controller/data/settings/controller/rules/service/mouse.rule b/level_3/controller/data/settings/controller/rules/service/mouse.rule index ad97095..ecfcb38 100644 --- a/level_3/controller/data/settings/controller/rules/service/mouse.rule +++ b/level_3/controller/data/settings/controller/rules/service/mouse.rule @@ -10,10 +10,16 @@ settings: script: start { - # This works if gpm service is run as root, but if not then this should be in a separate rule file with appropriate access to write to /var/run (don't forget to chown!). - if [[ ! -d /var/run/mouse/ && -d /var/run ]] ; then - mkdir /var/run/mouse/ - fi + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + + # This works if gpm service is run as root, but if not then this should be in a separate rule file with appropriate access to write to /var/run (don't forget to chown!). + if [[ ! -d /var/run/mouse/ && -d /var/run ]] ; then + mkdir /var/run/mouse/ + fi + \} + + main ${*} } service: diff --git a/level_3/controller/data/settings/controller/rules/task/clock.rule b/level_3/controller/data/settings/controller/rules/task/clock.rule index 663f159..615dbcc 100644 --- a/level_3/controller/data/settings/controller/rules/task/clock.rule +++ b/level_3/controller/data/settings/controller/rules/task/clock.rule 
@@ -13,27 +13,33 @@ settings: script: start { - clock_file=/etc/clock - clock_mode= - clock_server= - clock_ntpdate= + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. - if [[ -f $clock_file ]] ; then - clock_mode=$(fss_basic_read -can 0 mode $clock_file); - clock_server=$(fss_basic_read -can 0 server $clock_file) - clock_ntpdate=$(fss_basic_read -can 0 ntpdate $clock_file) - fi + clock_file=/etc/clock + clock_mode= + clock_server= + clock_ntpdate= - if [[ $clock_mode == "local" ]] ; then - hwclock --hctosys; - elif [[ $clock_mode == "ntp" ]] ; then - if [[ $clock_ntpdate == "yes" ]] ; then - ntpdate $clock_server && - hwclock --systohc --utc + if [[ -f $clock_file ]] ; then + clock_mode=$(fss_basic_read -can 0 mode $clock_file); + clock_server=$(fss_basic_read -can 0 server $clock_file) + clock_ntpdate=$(fss_basic_read -can 0 ntpdate $clock_file) fi - elif [[ $clock_mode == "ntpdate" && $clock_host != "" ]] ; then - ntpdate $clock_server - elif [[ $clock_mode == "utc" ]] ; then - hwclock --hctosys --utc; - fi + + if [[ $clock_mode == "local" ]] ; then + hwclock --hctosys; + elif [[ $clock_mode == "ntp" ]] ; then + if [[ $clock_ntpdate == "yes" ]] ; then + ntpdate $clock_server && + hwclock --systohc --utc + fi + elif [[ $clock_mode == "ntpdate" && $clock_host != "" ]] ; then + ntpdate $clock_server + elif [[ $clock_mode == "utc" ]] ; then + hwclock --hctosys --utc; + fi + \} + + main ${*} } diff --git a/level_3/controller/data/settings/controller/rules/task/ntpdate.rule b/level_3/controller/data/settings/controller/rules/task/ntpdate.rule index 5956114..9f7da58 100644 --- a/level_3/controller/data/settings/controller/rules/task/ntpdate.rule +++ b/level_3/controller/data/settings/controller/rules/task/ntpdate.rule 
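Review bot: The branch `elif [[ $clock_mode == "ntpdate" && $clock_host != "" ]]` tests `clock_host`, but the script only assigns `clock_file`, `clock_mode`, `clock_server` and `clock_ntpdate`, so unless `clock_host` arrives from the environment this branch never runs; `$clock_server` looks like the intended variable. That value is read from `/etc/clock` and then passed unquoted in `ntpdate $clock_server`, so a value containing whitespace or glob characters is split into extra arguments; `ntpdate "$clock_server"` keeps it a single argument, and the `ntp` branch would benefit from the same non-empty check. Now that the body is a function, the four variables can be declared with `local` so they do not leak into the enclosing scope. The ntpdate.rule hunk carries the same `clock_host` test and the same unquoted call.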
@@ -13,16 +13,22 @@ settings: script: start { - clock_file=/etc/clock - clock_mode= - clock_server= + main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. - if [[ -f $clock_file ]] ; then - clock_mode=$(fss_basic_read -can 0 mode $clock_file); - clock_server=$(fss_basic_read -can 0 server $clock_file) - fi + clock_file=/etc/clock + clock_mode= + clock_server= - if [[ $clock_mode == "ntpdate" && $clock_host != "" ]] ; then - ntpdate $clock_server - fi + if [[ -f $clock_file ]] ; then + clock_mode=$(fss_basic_read -can 0 mode $clock_file); + clock_server=$(fss_basic_read -can 0 server $clock_file) + fi + + if [[ $clock_mode == "ntpdate" && $clock_host != "" ]] ; then + ntpdate $clock_server + fi + \} + + main ${*} } diff --git a/level_3/fake/data/build/process_post.sh b/level_3/fake/data/build/process_post.sh index 4415b48..286beff 100755 --- a/level_3/fake/data/build/process_post.sh +++ b/level_3/fake/data/build/process_post.sh @@ -8,6 +8,8 @@ # The dependencies of this script are: bash and sed. # process_post_main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + local grab_next= local do_color=dark local i=0 diff --git a/level_3/fake/data/build/process_pre.sh b/level_3/fake/data/build/process_pre.sh index 51da85a..0eb3b56 100755 --- a/level_3/fake/data/build/process_pre.sh +++ b/level_3/fake/data/build/process_pre.sh @@ -8,6 +8,8 @@ # The dependencies of this script are: bash and sed. # process_pre_main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + local grab_next= local do_color=dark local i=0 diff --git a/level_3/fake/data/projects/go/example_go/data/build/process_post.sh b/level_3/fake/data/projects/go/example_go/data/build/process_post.sh index 05a7907..a5fc4d8 100755 --- a/level_3/fake/data/projects/go/example_go/data/build/process_post.sh +++ b/level_3/fake/data/projects/go/example_go/data/build/process_post.sh 
@@ -1,2 +1,8 @@ #!/bin/bash +main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + +} + +main ${*} diff --git a/level_3/fake/data/projects/go/example_go/data/build/process_pre.sh b/level_3/fake/data/projects/go/example_go/data/build/process_pre.sh index 05a7907..a5fc4d8 100755 --- a/level_3/fake/data/projects/go/example_go/data/build/process_pre.sh +++ b/level_3/fake/data/projects/go/example_go/data/build/process_pre.sh @@ -1,2 +1,8 @@ #!/bin/bash +main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + +} + +main ${*} diff --git a/level_3/fss_basic_list_read/tests/runtime/script/generate.sh b/level_3/fss_basic_list_read/tests/runtime/script/generate.sh index c3686ce..f790f69 100644 --- a/level_3/fss_basic_list_read/tests/runtime/script/generate.sh +++ b/level_3/fss_basic_list_read/tests/runtime/script/generate.sh @@ -13,6 +13,8 @@ # generate_main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + local file_source="${2}" local path_destination="${3}" local failure=0 diff --git a/level_3/fss_basic_list_read/tests/runtime/script/verify.sh b/level_3/fss_basic_list_read/tests/runtime/script/verify.sh index cdae794..9a5d6b2 100644 --- a/level_3/fss_basic_list_read/tests/runtime/script/verify.sh +++ b/level_3/fss_basic_list_read/tests/runtime/script/verify.sh @@ -10,6 +10,8 @@ # verify_main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + local path_build="${1}" local path_expect="${2}" local test_name="${3}" diff --git a/level_3/fss_basic_read/tests/runtime/script/generate.sh b/level_3/fss_basic_read/tests/runtime/script/generate.sh index c643661..fa84a38 100644 --- a/level_3/fss_basic_read/tests/runtime/script/generate.sh +++ b/level_3/fss_basic_read/tests/runtime/script/generate.sh 
@@ -11,6 +11,8 @@ # generate_main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + local file_source="${2}" local path_destination="${3}" local failure=0 diff --git a/level_3/fss_basic_read/tests/runtime/script/verify.sh b/level_3/fss_basic_read/tests/runtime/script/verify.sh index cdae794..9a5d6b2 100644 --- a/level_3/fss_basic_read/tests/runtime/script/verify.sh +++ b/level_3/fss_basic_read/tests/runtime/script/verify.sh @@ -10,6 +10,8 @@ # verify_main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + local path_build="${1}" local path_expect="${2}" local test_name="${3}" diff --git a/level_3/fss_embedded_list_read/tests/runtime/script/generate.sh b/level_3/fss_embedded_list_read/tests/runtime/script/generate.sh index 10d51ae..3e6c4fe 100644 --- a/level_3/fss_embedded_list_read/tests/runtime/script/generate.sh +++ b/level_3/fss_embedded_list_read/tests/runtime/script/generate.sh @@ -13,6 +13,8 @@ # generate_main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + local file_source="${2}" local path_destination="${3}" local failure=0 diff --git a/level_3/fss_embedded_list_read/tests/runtime/script/verify.sh b/level_3/fss_embedded_list_read/tests/runtime/script/verify.sh index cdae794..9a5d6b2 100644 --- a/level_3/fss_embedded_list_read/tests/runtime/script/verify.sh +++ b/level_3/fss_embedded_list_read/tests/runtime/script/verify.sh @@ -10,6 +10,8 @@ # verify_main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + local path_build="${1}" local path_expect="${2}" local test_name="${3}" diff --git a/level_3/fss_extended_list_read/tests/runtime/script/generate.sh b/level_3/fss_extended_list_read/tests/runtime/script/generate.sh index f65d358..8bc0c14 100644 --- a/level_3/fss_extended_list_read/tests/runtime/script/generate.sh +++ b/level_3/fss_extended_list_read/tests/runtime/script/generate.sh 
@@ -13,6 +13,8 @@ # generate_main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + local file_source="${2}" local path_destination="${3}" local failure=0 diff --git a/level_3/fss_extended_list_read/tests/runtime/script/verify.sh b/level_3/fss_extended_list_read/tests/runtime/script/verify.sh index cdae794..9a5d6b2 100644 --- a/level_3/fss_extended_list_read/tests/runtime/script/verify.sh +++ b/level_3/fss_extended_list_read/tests/runtime/script/verify.sh @@ -10,6 +10,8 @@ # verify_main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + local path_build="${1}" local path_expect="${2}" local test_name="${3}" diff --git a/level_3/fss_extended_read/tests/runtime/script/generate.sh b/level_3/fss_extended_read/tests/runtime/script/generate.sh index f58f6b7..f26964e 100644 --- a/level_3/fss_extended_read/tests/runtime/script/generate.sh +++ b/level_3/fss_extended_read/tests/runtime/script/generate.sh @@ -13,6 +13,8 @@ # generate_main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + local file_source="${2}" local path_destination="${3}" local failure=0 diff --git a/level_3/fss_extended_read/tests/runtime/script/verify.sh b/level_3/fss_extended_read/tests/runtime/script/verify.sh index cdae794..9a5d6b2 100644 --- a/level_3/fss_extended_read/tests/runtime/script/verify.sh +++ b/level_3/fss_extended_read/tests/runtime/script/verify.sh @@ -10,6 +10,8 @@ # verify_main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + local path_build="${1}" local path_expect="${2}" local test_name="${3}" diff --git a/level_3/fss_payload_read/tests/runtime/script/generate.sh b/level_3/fss_payload_read/tests/runtime/script/generate.sh index 5d6c395..0b1e79e 100644 --- a/level_3/fss_payload_read/tests/runtime/script/generate.sh +++ b/level_3/fss_payload_read/tests/runtime/script/generate.sh 
@@ -13,6 +13,8 @@ # generate_main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + local file_source="${2}" local path_destination="${3}" local failure=0 diff --git a/level_3/fss_payload_read/tests/runtime/script/verify.sh b/level_3/fss_payload_read/tests/runtime/script/verify.sh index cdae794..9a5d6b2 100644 --- a/level_3/fss_payload_read/tests/runtime/script/verify.sh +++ b/level_3/fss_payload_read/tests/runtime/script/verify.sh @@ -10,6 +10,8 @@ # verify_main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + local path_build="${1}" local path_expect="${2}" local test_name="${3}" diff --git a/level_3/iki_read/tests/runtime/script/generate.sh b/level_3/iki_read/tests/runtime/script/generate.sh index f590333..f800a7c 100644 --- a/level_3/iki_read/tests/runtime/script/generate.sh +++ b/level_3/iki_read/tests/runtime/script/generate.sh @@ -11,6 +11,8 @@ # generate_main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + local file_source="${2}" local path_destination="${3}" local failure=0 diff --git a/level_3/iki_read/tests/runtime/script/verify.sh b/level_3/iki_read/tests/runtime/script/verify.sh index cdae794..9a5d6b2 100644 --- a/level_3/iki_read/tests/runtime/script/verify.sh +++ b/level_3/iki_read/tests/runtime/script/verify.sh @@ -10,6 +10,8 @@ # verify_main() { + local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope. + local path_build="${1}" local path_expect="${2}" local test_name="${3}" -- 1.8.3.1