Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: sanitize_input does not work as expected #324

Open
1 task done
dimitry-ishenko opened this issue Dec 14, 2024 · 7 comments · May be fixed by #326
Open
1 task done

[Bug]: sanitize_input does not work as expected #324

dimitry-ishenko opened this issue Dec 14, 2024 · 7 comments · May be fixed by #326
Labels
Bug Something isn't working as it should

Comments

@dimitry-ishenko
Copy link
Collaborator

What happened?

While testing PR #320 I would get the following error:

admin@armbian:~/configng$ bin/armbian-config --api pkg_install vim-airline

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package Invalid argument: vim-airline

Upon further testing, any package containing dash (-) in the name would produce similar error.

It turns out the error is generated by the sanitize_input function which does not allow dashes. However, the pipeline doesn't seem to work as expected, since instead of just reporting the error "Invalid argument: vim-airline," this output is passed further down the pipeline.

In the end the pkg_install function tries to install a package called Invalid argument: vim-airline, which results in a confusing error.

How to reproduce?

See above.

On which host OS are you running the build script and observing this problem?

Ubuntu 24.04 Noble

Code of Conduct

  • I agree to follow this project's Code of Conduct
@dimitry-ishenko dimitry-ishenko added the Bug Something isn't working as it should label Dec 14, 2024
@dimitry-ishenko
Copy link
Collaborator Author

Looking at

configng/tools/modules/functions/config_interface.sh

Lines 480 to 491 in 0a257fd

sanitize_input() {
local sanitized_input=()
for arg in "$@"; do
if [[ $arg =~ ^[a-zA-Z0-9_=]+$ ]]; then
sanitized_input+=("$arg")
else
echo "Invalid argument: $arg"
exit 1
fi
done
echo "${sanitized_input[@]}"
}

My guess is that the intended behavior was to terminate program execution and print out an error message. However, in most cases sanitize_input will be used in a sub-shell such as

configng/bin/armbian-config

Line 94 in 0a257fd

args=$(sanitize_input "$@")

or

configng/bin/armbian-config

Line 106 in 0a257fd

args=$(sanitize_input "$@")

This will terminate the sub-shell with exit code 1, but unless checked in the super-shell, will continue normal execution, which is what's happening here.

@dimitry-ishenko
Copy link
Collaborator Author

Suggestions to resolve the bug:

  • When reporting an error, direct it at stderr and not stdout (which is why we have it 😉 ), eg:

    echo "Invalid argument: $arg" >&2
exit 1

  • Check for sub-shell exit code:

    args=$(sanitize_input "$@") || exit 1

  • We can also leverage set -e option, which will automatically abort script execution on error.

  • To add consistency and reduce boiler-plate we could introduce commands such as:

    error() { echo "$@" >&2; }
die() { error "$@"; exit 1; }

    Then the above code becomes something like:

    sanitize_input() {
    ...
        die "Invalid argument: $arg"
    ...
}

    and

    args=$(sanitize_input "$@") || die

@dimitry-ishenko
Copy link
Collaborator Author

And, obviously, sanitize_input should allow dashes in the input.

@Tearran
Copy link
Member

Tearran commented Dec 15, 2024

@dimitry-ishenko Sanitise input contribution was aimed primarily at removing escape sequences.
This is one of the placeholder implementations that is incomplete and needs refinement or replacement. Another example you are familiar with is process_input.

This has been a place for expanding and learning: If a may ask :) Are you saying that while the implementation is flawed (BUG), the concept is not, and sanitize_input should handle input validation more comprehensively rather than be removed?

For later implementation and though.
If we validate, should we not include a manner to use the database to actually verify inputs?

@dimitry-ishenko
Copy link
Collaborator Author

Are you saying that while the implementation is flawed (BUG), the concept is not, and sanitize_input should handle input validation more comprehensively rather than be removed?

It's hard to tell without knowing the original intent, but I would say it should be removed... I am not a security specialist, but I don't see what problem it's trying to solve... Is there a case of using an escape sequence to compromise the system?

Or, if there is a valid need for it, then maybe it can be modified to use a blacklist to detect escape char in the input instead.

@Tearran
Copy link
Member

Tearran commented Dec 15, 2024

The intent was precaution more than anything for when armbian-config was not strictly an admin tool as it is now.

@dimitry-ishenko
Copy link
Collaborator Author

Maybe it should be removed for now, and if the need arises later, it can be resurrected. Just my 2 cents.

@Tearran Tearran linked a pull request Dec 18, 2024 that will close this issue
[fix] Non interactive modes ( [Bug]: sanitize_input #324 ) #326
Open
@Tearran Tearran linked a pull request Dec 18, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug Something isn't working as it should
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[fix] Non interactive modes ( [Bug]: sanitize_input #324 ) armbian/configng
2 participants
@Tearran @dimitry-ishenko