This site uses cookies. By continuing, your consent is assumed. Learn more

104.6fm shares

Validating user input in shell script

opinion

By using our site, you acknowledge that you have read and understand our Cookie PolicyPrivacy Policyand our Terms of Service.

I'm writing a bash script that requires several pieces of user input, primarily directory paths and file names. The program will create the specified directories and files.

I am trying to write...

I also want to assure the user has not added any command-line options for example, if I run sudoI want to assure that the user has not appended -u anywhere in their statement to their input. However, I'm not entirely certain of the best way to sanitize their input, since directory paths and Validating user input in shell script may contain dashes, underscores, spaces, periods, and alphanumeric characters.

Any other character should be detected. User input is gathered through read.

There's a tendency that inputs...

Validating user input in shell script using an Ubuntu system, so as long as it complies with Ubuntu shell then it'll work. Assume that only the default system packages are installed. Multiple options are acceptable to handle individual sections of validation e. Absolute paths are required for correct mapping of directory structure. Any other format of path would cause the program to incorrectly interpret the structure when matched or appended to other paths, due to the functions I'm performing on the strings of paths.

I used the accepted answer, using realpath in some situations and readlinkand using -- to interpret the following text as parameters.

If you want to allow relative paths, then use the result of readlink or realpath as your path. If you want to disallow relative paths, then compare the original string to the result of readlink or realpath. I use realpath to catch relative paths, then always use user input between double quotes to avoid commands injection if any is possible. I guess there are better ways of doing but at the moment that's all I can think of. By clicking "Post Your Answer", you acknowledge that you have read our updated terms of serviceprivacy policy and cookie policyand that your continued use of the website is subject to these policies.

Logan Hartman 26 8. Apart from that, enclose all variables in double quotes to "Validating user input in shell script" expansion. While that does take care of the first two problems, it still remains that the user can entire directory paths in a format my program cannot accept.

I either need to reject invalid input, or conform it to valid input. But anyway, if you have legitimate reasons for restricting your inputs, you should explain them in the question. It's possible that your reasons will map to known solutions. What kind of comparison do you need? Note that two paths can both be absolute, and be completely different, yet point to the same file. So, please put aside your mistaken scruples, and edit your question to add the relevant details about what you actually need.

Your while read is thus quite buggy: Validating user input in shell script with backslash literals have them stripped unless doubled up ; trailing whitespace is removed by the read command itself if IFS isn't cleared; and if an entry does end in a backslash, read takes it to mean that the line after it is part of the same entry!

You could do something like this: Quoting variables does not prevent them from being parsed as options.

Use -- for that. Siguza Could you please provide an example where this script isn't safe? Again, not exploitable, but probably undesirable. Thanks, advice included in the code above. I'll have to try this once I am home and see if it will work. Sign up or log in Sign up using Google.

Sign up using Facebook.