From: Steven Baltakatei Sandoval Date: Sat, 4 Jul 2020 21:46:37 +0000 (+0000) Subject: feat(bkgpslog):Add additional validation for age pubkeys X-Git-Url: https://zdv2.bktei.com/gitweb/EVA-2020-02.git/commitdiff_plain/d6ba417340cdc4b063c92698b7c75a5a3345065b?hp=--cc feat(bkgpslog):Add additional validation for age pubkeys --- d6ba417340cdc4b063c92698b7c75a5a3345065b diff --git a/exec/bkgpslog b/exec/bkgpslog index 63acc84..84a74b0 100755 --- a/exec/bkgpslog +++ b/exec/bkgpslog @@ -14,7 +14,7 @@ DIR_TMP_DEFAULT="/dev/shm"; # Default parent of working directory SCRIPT_TIME_START=$(date +%Y%m%dT%H%M%S.%N); PATH="$HOME/.local/bin:$PATH"; # Add "$(systemd-path user-binaries)" path in case apps saved there SCRIPT_HOSTNAME=$(hostname); # Save hostname of system running this script. -SCRIPT_VERSION="0.3.7"; # Define version of script. +SCRIPT_VERSION="0.3.8"; # Define version of script. SCRIPT_NAME="bkgpslog"; # Define basename of script file. SCRIPT_URL="https://gitlab.com/baltakatei/ninfacyzga-01"; # Define wesite hosting this script. AGE_VERSION="1.0.0-beta2"; # Define version of age (encryption program) @@ -819,6 +819,42 @@ appendFileTar(){ try tar --append --directory="$TMP_DIR" --file="$TAR_PATH" "$FILENAME"; #yell "DEBUG:STATUS:$FN:Finished appendFileTar()." } # Append file to Tar archive +validateInput() { + # Desc: Validates Input + # Usage: validateInput [str input] [str input type] + # Version: 0.2.1 + # Input: arg1: string to validate + # arg2: string specifying input type (ex:"ssh_pubkey") + # Output: return code 0: if input string matched specified string type + # Depends: bash 5, yell + + # Save function name + local FN="${FUNCNAME[0]}"; + + # Process arguments + argInput="$1"; + argType="$2"; + if [[ $# -gt 2 ]]; then yell "ERROR:$0:$FN:Too many arguments."; exit 1; fi; + + # Check for blank + if [[ -z "$argInput" ]]; then return 1; fi + + # Define input types + ## ssh_pubkey + ### Check for alnum/dash base64 (ex: "ssh-rsa AAAAB3NzaC1yc2EAAA") + if [[ "$argType" = "ssh_pubkey" ]]; then + if [[ "$argInput" =~ ^[[:alnum:]-]*[\ ]*[[:alnum:]+/=]*$ ]]; then + return 0; fi; fi; + + ## age_pubkey + ### Check for age1[:bech32:] + if [[ "$argType" = "age_pubkey" ]]; then + if [[ "$argInput" =~ ^age1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]*$ ]]; then + return 0; fi; fi + + # Return error if no condition matched. + return 1; +} # Validates strings magicWriteVersion() { # Desc: Appends time-stamped VERSION to PATHOUT_TAR # Usage: magicWriteVersion @@ -935,7 +971,8 @@ main() { if checkapp age; then # Check that age is available. for pubkey in "${recPubKeys[@]}"; do # Validate recipient pubkey strings by forming test message vbm "DEBUG:Testing pubkey string:$pubkey"; - if echo "butts" | age -a -r "$pubkey" 1>/dev/null; then + if echo "butts" | age -a -r "$pubkey" 1>/dev/null && + ( validateInput "$pubkey" "ssh_pubkey" || validateInput "$pubkey" "age_pubkey"); then #### Form age recipient string recipients="$recipients""-r '$pubkey' "; vbm "STATUS:Added pubkey for forming age recipient string:""$pubkey";