From bc6321c06a86d7314939c0967a74a345c81cfbb6 Mon Sep 17 00:00:00 2001 From: Steven Baltakatei Sandoval Date: Sat, 1 Feb 2025 06:23:08 +0000 Subject: [PATCH 1/1] fix(user/bkotslu):Add regex checks on block nums and hashes --- user/bkotslu | 35 ++++++++++++++++++++++++----------- 1 file changed, 24 insertions(+), 11 deletions(-) diff --git a/user/bkotslu b/user/bkotslu index cb372b5..f7bf9cc 100755 --- a/user/bkotslu +++ b/user/bkotslu @@ -1,7 +1,7 @@ #!/bin/bash # Desc: Utility for backing up and retrieving ots files # Usage: bkotslu -I [dir] -# Version: 0.1.0 +# Version: 0.1.3 # Depends: OpenTimestamps 0.7.0 (see https://opentimestamps.org ) # GNU Coreutils 8.32 # NOTE: This script does not verify OTS files; it assumes the contents of OTS files fed to it are valid. @@ -213,18 +213,19 @@ get_ots_filehash() { # Output: stdout sha256 file hash (lowercase) local output; vbm "DEBUG:Starting get_ots_filehash() on:$1"; - + + re='[0-9a-f]{64}'; if output="$( "$(which ots)" info "$1" | \ grep -E "^File sha256 hash: " | \ head -n1 | \ sed -E -e 's/(^File sha256 hash: )([0-9a-f]+$)/\2/g'; )" && \ - [[ -n "$output" ]]; then + [[ -n "$output" ]] && \ + [[ "$output" =~ $re ]]; then vbm "STATUS:Read file digest (${output}) via ots from:$1"; printf "%s" "$output"; return 0; else - yell "ERROR:Encountered problem getting file hash via ots from:$1"; - return 1; + die "ERROR:Encountered problem getting file hash via ots from:$1"; fi; }; # Gets hash of file from ots file get_ots_oldestblock() { 
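Review bot: The new pattern `re='[0-9a-f]{64}'` in get_ots_filehash() is unanchored, so `[[ "$output" =~ $re ]]` accepts any string that merely contains 64 hex characters. That includes the whole `File sha256 hash: ...` line, which `sed` passes through unchanged when its own pattern does not match. It should be `re='^[0-9a-f]{64}$';`. The same applies to `re='[0-9]+'` in get_ots_oldestblock(), store_ots_file(), get_oldest_stored_ots_path() and store_and_lookup(), which should be `re='^[0-9]+$';`. Those values go on to `-lt` comparisons, whose operands bash evaluates as arithmetic expressions rather than plain integers, so a value that only contains a digit somewhere is not safe to compare. The start of get_ots_filehash() is outside this hunk.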
@@ -238,18 +239,19 @@ get_ots_oldestblock() { # BK-2020-03: yell() local output; vbm "DEBUG:Starting get_ots_oldestblock() on:$1"; - + + re='[0-9]+'; if output="$( "$(which ots)" info "$1" | \ grep -E "verify BitcoinBlockHeaderAttestation\([0-9]+\)" | \ sort | head -n1 | \ sed -E -e 's/(^ verify BitcoinBlockHeaderAttestation)\(([0-9]+)(\))/\2/g'; )" && \ - [[ -n "$output" ]]; then + [[ -n "$output" ]] && \ + [[ "$output" =~ $re ]]; then vbm "STATUS:Retrieved Bitcoin block (${output}) via ots from:$1"; printf "%s" "$output"; return 0; else - yell "ERROR:Encountered problem getting Bitcoin block number via ots from:$1"; - return 1; + die "ERROR:Encountered problem getting Bitcoin block number via ots from:$1"; fi; }; # Gets oldest Bitcoin block from ots file store_ots_file() { @@ -287,6 +289,10 @@ store_ots_file() { if ! { blk_provid="$block"; blk_stored="$(get_ots_oldestblock "$pout"; )"; }; then yell "ERROR:Could not read block numbers from OTS files: $(declare -p fhash block pout )"; fi; + re='[0-9]+'; + if [[ ! "$blk_stored" =~ $re ]] || [[ ! "$blk_provid" =~ $re ]]; then + die "FATAL:Invalid block number(s):$(declare -p blk_stored blk_provid)"; + fi; # Copy provided OTS if matching OTS found stored but provided is older if [[ "$blk_provid" -lt "$blk_stored" ]]; then 
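Review bot: `sort | head -n1` in get_ots_oldestblock() orders the matched attestation lines as text, not by block height. Assuming the lines differ only in the number, the first line is the lowest block only while every height has the same digit count; `(1000000)` sorts before `(999999)`. The added regex check validates the shape of the result but not that it is the oldest attestation. Sorting on a numeric key avoids this, e.g. `sort -t'(' -k2,2n | head -n1`. The pipeline is unchanged context in this hunk, and the function's header comments begin outside it.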
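Review bot: `re` is assigned in store_ots_file() without `local`, so it becomes a script-wide variable. The same happens in get_ots_filehash(), get_ots_oldestblock(), get_oldest_stored_ots_path() and store_and_lookup(), with two different patterns sharing the one name. Each function currently sets `re` immediately before testing it, but a later edit that calls one of these helpers in the current shell between assignment and use would silently change which pattern is applied. Declare it per function with `local re;` alongside the other locals. store_ots_file() begins and ends outside this hunk, so its existing `local` declarations are not visible here.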
@@ -317,13 +323,16 @@ get_oldest_stored_ots_path() { digest="$1"; mapfile -t otsStorePaths < <(find "$pathOtsStore" -type f -name "${digest}*.otsu"; ); if [[ "${#otsStorePaths[@]}" -le 0 ]]; then - yell "ERROR:No OTS file in OTS storage dir found. $(declare -p pathOtsStore digest otsStorePaths)"; + yell "NOTICE:No OTS file for digest ${digest} found in ${pathOtsStore}."; return 1; fi; i_oldest=0; + re='[0-9]+'; blockNumOldest="$( get_block_num_from_stored_ots_path "${otsStorePaths[0]}" )"; + if ! [[ "$blockNumOldest" =~ $re ]]; then die "FATAL:Invalid block number:${blockNumOldest}"; fi; for ((i=0; i<"${#otsStorePaths[@]}"; i++ )); do blockNum="$( get_block_num_from_stored_ots_path "${otsStorePaths[$i]}" )"; + if ! [[ "$blockNum" =~ $re ]]; then die "FATAL:Invalid block number:${blockNum}"; fi; if [[ $blockNum -lt $blockNumOldest ]]; then blockNumOldest=$blockNum; i_oldest=$i; @@ -396,8 +405,12 @@ store_and_lookup() { ## Check for OTS file accompanying provided file if [[ -f "${pathFileIn}.ots" ]]; then vbm "STATUS:An OTS file is next to provided file ${pathFileIn}."; - blk_provid="$(get_ots_oldestblock "${pathFileIn}.ots"; )"; + blk_provid="$(must get_ots_oldestblock "${pathFileIn}.ots"; )"; vbm "STATUS:The provided file's OTS file has block number ${blk_provid}"; + re='[0-9]+'; + if [[ ! "$blk_stored" =~ $re ]] || [[ ! "$blk_provid" =~ $re ]]; then + die "FATAL:Invalid block number(s):$(declare -p blk_stored blk_provid)"; + fi; if [[ "$blk_stored" -lt "$blk_provid" ]]; then vbm "STATUS:An older timestamp in OTS store found. Replacing ${pathFileIn}.ots (block ${blk_provid}) with ${path_stored_ots} (block ${blk_stored})."; if [[ ! -f "${pathFileIn}.ots.baku" ]]; then -- 2.39.5
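Review bot: get_oldest_stored_ots_path() now validates every block number but still passes `digest="$1"` unchecked into `find ... -name "${digest}*.otsu"`, where `-name` treats the value as a glob pattern. A digest that is empty or contains `*`, `?` or `[` would match OTS files stored for other digests, and the function would return one of them as the oldest timestamp for this file. Whether callers already validate the digest is not visible in this hunk. A guard at the top such as `[[ "$digest" =~ ^[0-9a-f]{64}$ ]] || die "FATAL:Invalid digest:${digest}";` keeps the lookup exact. The function's start and end are outside the hunk.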
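Review bot: `must` sits inside the command substitution in `blk_provid="$(must get_ots_oldestblock "${pathFileIn}.ots"; )"`, so it runs in a subshell. If `must` and `die` stop via `exit` (their definitions are not in this patch), only the subshell ends and store_and_lookup() carries on to the `vbm "STATUS:The provided file's OTS file has block number ${blk_provid}"` line with an empty value. The regex check that follows does reject the empty string, but the failure is clearer when handled on the assignment itself: `blk_provid="$(get_ots_oldestblock "${pathFileIn}.ots")" || die "FATAL:Could not read block number from ${pathFileIn}.ots";`. The same subshell behaviour applies to the `die` calls this patch introduces in get_ots_filehash() and get_ots_oldestblock() whenever they are invoked through `$(...)`.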