[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Verifying numeric values
From: |
Andy Chu |
Subject: |
Re: Verifying numeric values |
Date: |
Mon, 18 Oct 2021 23:44:16 -0400 |
On Mon, Oct 18, 2021 at 11:25 PM Greg Wooledge <greg@wooledge.org> wrote:
>
> On Mon, Oct 18, 2021 at 11:10:32PM -0400, Andy Chu wrote:
> > Try this:
> >
> > is_valid() {
> > local x=$1
> > local b=$(( 1 <= x && x <= 255 ))
> > return $(( ! b )) # 0 is true, 1 is false
> > }
>
> Using un-validated input in a math context is a code injection in bash.
> Given that the purpose of this function is to validate the input, one
> must assume the input may be malicious.
Yes good point, I wrote about that here:
https://www.oilshell.org/blog/2019/01/18.html#a-story-about-a-30-year-old-security-problem
In that case I would turn it into something like this
is_valid() {
local x=$1
if [[ $x =~ [[:digit:]]+ ]]; then
local b=$(( 1 <= x && x <= 255 ))
return $(( ! b )) # 0 is true, 1 is false
else
return 1
fi
}
(Or use 'expr' if you care about portability to non-bash shells.)
- Verifying numeric values, tolugboji, 2021/10/18
- Re: Verifying numeric values, David, 2021/10/18
- Re: Verifying numeric values, Andy Chu, 2021/10/18
- Re: Verifying numeric values, Greg Wooledge, 2021/10/18
- Verifying numeric values, tolugboji, 2021/10/18
- Re: Verifying numeric values,
Andy Chu <=
- Re: Verifying numeric values, Greg Wooledge, 2021/10/19
- Verifying numeric values, tolugboji, 2021/10/19
- Verifying numeric values, tolugboji, 2021/10/19
- Re: Verifying numeric values, Andreas Kusalananda Kähäri, 2021/10/19
- Message not available
- Re: Verifying numeric values, Andreas Kusalananda Kähäri, 2021/10/19
- Message not available
- Re: Verifying numeric values, Andreas Kusalananda Kähäri, 2021/10/20
Re: Verifying numeric values, Chris F.A. Johnson, 2021/10/18