Repository :
http://git.fedorahosted.org/git/?p=secure-coding.git
On branch : master
---------------------------------------------------------------
commit 0c1d3d46838c1427d17cadabf4000444bb614046
Author: Florian Weimer <fweimer(a)redhat.com>
Date: Mon Oct 13 09:51:42 2014 +0200
Shell: Use a snippet for the input validation example
Add self-tests to the snippet code. Mention that this construct is
bash-specific.
Fixes the broken regular expression spotted by Eric Blake.
---------------------------------------------------------------
defensive-coding/en-US/Shell.xml | 27 ++++++-------
...ons-snprintf.xml => Shell-Input_Validation.xml} | 10 +++-
defensive-coding/src/Shell-Input_Validation.sh | 41 ++++++++++++++++++++
3 files changed, 61 insertions(+), 17 deletions(-)
diff --git a/defensive-coding/en-US/Shell.xml b/defensive-coding/en-US/Shell.xml
index f889dc1..d6a9465 100644
--- a/defensive-coding/en-US/Shell.xml
+++ b/defensive-coding/en-US/Shell.xml
@@ -398,23 +398,22 @@ trap cleanup 0
linkend="sect-Defensive_Coding-Shell-Arithmetic"/>.
</para>
<para>
- The following construct can be used to check if a string
- “<literal>$value</literal>” is an integer.
+ <xref linkend="ex-Defensive_Coding-Shell-Input_Validation"/>
+ shows a construct which can be used to check if a string
+ “<literal>$value</literal>” is an integer. This construct is
+ specific to <application>bash</application> and not portable to
+ POSIX shells.
</para>
- <informalexample>
- <programlisting language="Bash">
-if [[ $value =~ ^-?[0-9]$ ]] ; then
- echo value is an integer
-else
- echo "value is not an integer" 1>&2
- exit 1
-fi
- </programlisting>
- </informalexample>
+ <example id="ex-Defensive_Coding-Shell-Input_Validation">
+ <title>Input validation in
<application>bash</application></title>
+ <xi:include href="snippets/Shell-Input_Validation.xml"
+
xmlns:xi="http://www.w3.org/2001/XInclude" />
+ </example>
<para>
Using <literal>case</literal> statements for input validation is
- also possible, but the pattern language is more restrictive, and
- it can be difficult to write suitable patterns.
+ also possible and supported by other (POSIX) shells, but the
+ pattern language is more restrictive, and it can be difficult to
+ write suitable patterns.
</para>
<para>
The <literal>expr</literal> external command can give misleading
diff --git a/defensive-coding/en-US/snippets/C-String-Functions-snprintf.xml
b/defensive-coding/en-US/snippets/Shell-Input_Validation.xml
similarity index 60%
copy from defensive-coding/en-US/snippets/C-String-Functions-snprintf.xml
copy to defensive-coding/en-US/snippets/Shell-Input_Validation.xml
index dc790d8..61cb7d1 100644
--- a/defensive-coding/en-US/snippets/C-String-Functions-snprintf.xml
+++ b/defensive-coding/en-US/snippets/Shell-Input_Validation.xml
@@ -2,7 +2,11 @@
<!DOCTYPE programlisting PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
]>
<!-- Automatically generated file. Do not edit. -->
-<programlisting language="C">
-char fraction[30];
-snprintf(fraction, sizeof(fraction), "%d/%d", numerator, denominator);
+<programlisting language="Bash">
+if [[ $value =~ ^-?[0-9]+$ ]] ; then
+ echo value is an integer
+else
+ echo "value is not an integer" 1>&2
+ exit 1
+fi
</programlisting>
diff --git a/defensive-coding/src/Shell-Input_Validation.sh
b/defensive-coding/src/Shell-Input_Validation.sh
new file mode 100644
index 0000000..2b86a49
--- /dev/null
+++ b/defensive-coding/src/Shell-Input_Validation.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+validate () {
+ local value="$1"
+ #+ Shell Input_Validation
+ if [[ $value =~ ^-?[0-9]+$ ]] ; then
+ echo value is an integer
+ else
+ echo "value is not an integer" 1>&2
+ exit 1
+ fi
+ #-
+}
+
+check_validate () {
+ local value="$1"
+ local expected="$2"
+ (
+ validate "$value"
+ ) >/dev/null 2>/dev/null
+ result="$?"
+ if ! test "$result" -eq "$expected" ; then
+ echo "failure: validate \"$value\" $expected -> got $result"
+ fi
+}
+
+check_validate "" 1
+check_validate "0" 0
+check_validate "9" 0
+check_validate "-0" 0
+check_validate "-9" 0
+check_validate "10" 0
+check_validate "19" 0
+check_validate "-10" 0
+check_validate "-19" 0
+check_validate " 0" 1
+check_validate "--1" 1
+check_validate "1-" 1
+check_validate "1 || 0" 1
+check_validate '1$(kill -9 $PPID)' 1
+check_validate '2$(id)' 1