Sanitizing input (directory name) in PROCD script

What are the best practices to sanitize the user-entered directory while in the ash/PROCD script? Are there some packages I should have a look at for examples?


1 Like

What do you mean with sanitizing exactly? Canonicalize and check if it exists?

For that I would try this:

local user_directory='/home/user//lalala/$(evil foo)/.././//qrx/'
local clean_dir=$(readlink -f "$user_directory")

if [ -n "$clean_dir" -a -d "$clean_dir" ]; then
    echo "Path '$user_directory' exists and resolves to directory '$clean_dir'"
    echo "Path '$user_directory' does not exist or is not a directory"
1 Like

Thank you for your prompt reply. My intention was to filter out anything invalid and I've tried using readlink -fn before, but without adding -d check.