Fix for Sed Injection Vulnerability

2025-08-19 21:04:07 -07:00 · 2022-06-04 19:06:23 +02:00 · 2022-06-04 19:06:23 +02:00 · 0f86941e8e
commit 0f86941e8e
parent 8dd8cd0767
2 changed files with 18 additions and 0 deletions
--- a/bin/v-change-sys-config-value
+++ b/bin/v-change-sys-config-value
@ -28,6 +28,7 @@ PATH="$PATH:/usr/local/sbin:/sbin:/usr/sbin:/root/bin"
 check_args '2' "$#" 'KEY VALUE'
 is_format_valid 'key'
 format_no_quotes "$value" 'value'
 #----------------------------------------------------------#
 #                       Action                             #
--- a/func/main.sh
+++ b/func/main.sh
@ -838,6 +838,22 @@ is_format_valid_shell() {
        exit $E_INVALID	
    fi	
 }
 format_no_quotes() {
    exclude="['|\"]"
    if [[ "$1" =~ $exclude ]]; then
       check_result "$E_INVALID" "Invalid $2 contains qoutes (\" or ') :: $1"
    fi
    is_no_new_line_format "$1"
 }
 is_no_new_line_format() {
    test=$(echo "$1" | head -n1 );
    if [[ "$test" != "$1" ]]; then
      check_result "$E_INVALID" "invalid value :: $1"
    fi
 }
 # Format validation controller
 is_format_valid() {
    for arg_name in $*; do
@ -846,6 +862,7 @@ is_format_valid() {
            case $arg_name in
                account)        is_user_format_valid "$arg" "$arg_name";;
                action)         is_fw_action_format_valid "$arg";;
                alias)          is_alias_format_valid "$arg" ;;
                aliases)        is_alias_format_valid "$arg" ;;
                antispam)       is_boolean_format_valid "$arg" 'antispam' ;;
                antivirus)      is_boolean_format_valid "$arg" 'antivirus' ;;