Fix for Sed Injection Vulnerability

2025-07-05 20:41:53 -07:00 · 2022-06-04 19:06:23 +02:00 · 2022-06-04 19:06:23 +02:00 · 0f86941e8e
commit 0f86941e8e
parent 8dd8cd0767
2 changed files with 18 additions and 0 deletions
--- a/func/main.sh
+++ b/func/main.sh
@ -838,6 +838,22 @@ is_format_valid_shell() {
        exit $E_INVALID	
    fi	
 }
+
+format_no_quotes() {
+    exclude="['|\"]"
+    if [[ "$1" =~ $exclude ]]; then
+       check_result "$E_INVALID" "Invalid $2 contains qoutes (\" or ') :: $1"
+    fi
+    is_no_new_line_format "$1"
+}
+
+is_no_new_line_format() {
+    test=$(echo "$1" | head -n1 );
+    if [[ "$test" != "$1" ]]; then
+      check_result "$E_INVALID" "invalid value :: $1"
+    fi
+}
+
 # Format validation controller
 is_format_valid() {
    for arg_name in $*; do
@ -846,6 +862,7 @@ is_format_valid() {
            case $arg_name in
                account)        is_user_format_valid "$arg" "$arg_name";;
                action)         is_fw_action_format_valid "$arg";;
+                alias)          is_alias_format_valid "$arg" ;;
                aliases)        is_alias_format_valid "$arg" ;;
                antispam)       is_boolean_format_valid "$arg" 'antispam' ;;
                antivirus)      is_boolean_format_valid "$arg" 'antivirus' ;;