What are the best practices to sanitize the user-entered directory while in the ash/PROCD script? Are there some packages I should have a look at for examples?
Thanks!
What do you mean by sanitizing exactly? Canonicalize and check if it exists?
For that I would try this:
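```
# Declare both variables with "local" when this runs inside a function;
# "local" is an error at the top level of an ash script.
# Single quotes keep $(evil foo) literal, so it is never executed.
user_directory='/home/user//lalala/$(evil foo)/.././//qrx/'
# readlink -f canonicalizes: resolves symlinks, ".." and repeated slashes.
clean_dir="$(readlink -f "$user_directory")"
if [ -n "$clean_dir" ] && [ -d "$clean_dir" ]; then
    echo "Path '$user_directory' exists and resolves to directory '$clean_dir'"
else
    echo "Path '$user_directory' does not exist or is not a directory"
fi
```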
Thank you for your prompt reply. My intention was to filter out anything invalid and I've tried using `readlink -fn` before, but without adding the `-d` check.
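One way to combine the `readlink -f` canonicalization and the `-d` check from this thread into a reusable function, extended with an optional containment check against a base directory that the thread itself does not discuss. This is an added example, not code from any poster; `sanitize_dir` and its arguments are hypothetical names, and it assumes `readlink -f` and `local` behave as they do in BusyBox ash.

```shell
#!/bin/sh
# Added example (not from the thread). sanitize_dir is a hypothetical helper.
#
# sanitize_dir USER_PATH [ALLOWED_BASE]
#   Prints the canonical directory and returns 0 if USER_PATH is acceptable,
#   prints nothing and returns 1 otherwise.
sanitize_dir() {
    local input base clean canon_base nl
    input="$1"
    base="${2:-}"
    nl='
'
    case "$input" in
        *"$nl"*) return 1 ;;  # $(...) strips trailing newlines, so reject them
        /*) ;;                # absolute path: continue
        *) return 1 ;;        # empty or relative (also blocks a leading "-")
    esac

    # Canonicalize: resolves symlinks, "..", "." and repeated slashes.
    clean="$(readlink -f "$input")" || return 1

    # Must resolve to something, and that something must be a directory.
    [ -n "$clean" ] && [ -d "$clean" ] || return 1

    # Optional: the canonical path must be ALLOWED_BASE or live below it.
    if [ -n "$base" ]; then
        canon_base="$(readlink -f "$base")" || return 1
        canon_base="${canon_base%/}"      # "/" becomes "", so "/*" matches
        case "$clean/" in
            "$canon_base"/*) ;;           # quoted, so matched literally
            *) return 1 ;;
        esac
    fi

    printf '%s\n' "$clean"
}

# Constructed input taken from the reply above; the path does not exist,
# so it is rejected, and $(evil foo) is never evaluated.
sanitize_dir '/home/user//lalala/$(evil foo)/.././//qrx/' || echo "rejected"
```

The containment check compares canonical paths, so a symlink inside the base that points elsewhere is rejected along with `..` escapes.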