tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-23 22:04:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #800 from Schmuuu/core/fix-relative-path-detection

Browse Source 
don't fail relative paths check with spaces in PATH
This commit is contained in:
Michael Boelen 2019-12-06 15:39:55 +01:00 committed by GitHub
commit c7c44535e7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
include/binaries
View File

@ -50,7 +50,7 @@
# Test if our PATH variable provides a set of paths. If so, reverse the order. If we discover the same binary # Test if our PATH variable provides a set of paths. If so, reverse the order. If we discover the same binary
# multiple times, the one first in PATH should be used. # multiple times, the one first in PATH should be used.
if [ -n "${PATH}" ]; then if [ -n "${PATH}" ]; then
PATH_REVERSED=$(echo ${PATH} | awk -F: '{ for (i=NF; i>1; i--) printf("%s ",$i); print $1; }') PATH_REVERSED=$(echo "${PATH}" | sed 's/ /!!space!!/g' | awk -F: '{ for (i=NF; i>1; i--) printf("%s ",$i); print $1; }')
BIN_PATHS=$(echo "${PATH_REVERSED}" | tr ':' ' ') BIN_PATHS=$(echo "${PATH_REVERSED}" | tr ':' ' ')
fi fi
@ -59,8 +59,8 @@
FOUND=0 FOUND=0
if [ "${SCANDIR}" = "." ]; then FOUND=1; MSG="Found single dot (.) in PATH" if [ "${SCANDIR}" = "." ]; then FOUND=1; MSG="Found single dot (.) in PATH"
elif [ "${SCANDIR}" = ".." ]; then FOUND=1; MSG="Found double dot (..) in PATH" elif [ "${SCANDIR}" = ".." ]; then FOUND=1; MSG="Found double dot (..) in PATH"
elif echo ${SCANDIR} | grep '^\.\.' > /dev/null; then FOUND=1; MSG="Found path starting with double dot (..) in PATH" elif echo "${SCANDIR}" | grep '^\.\.' > /dev/null; then FOUND=1; MSG="Found path starting with double dot (..) in PATH"
elif echo ${SCANDIR} | grep '^[a-zA-Z]' > /dev/null; then FOUND=1; MSG="Found relative path in PATH" elif echo "${SCANDIR}" | grep '^[a-zA-Z]' > /dev/null; then FOUND=1; MSG="Found relative path in PATH"
fi fi
if [ ${FOUND} -eq 1 ]; then if [ ${FOUND} -eq 1 ]; then
# Stop execution if privileged, otherwise continue but warn user # Stop execution if privileged, otherwise continue but warn user
@ -76,11 +76,12 @@
# Now perform binary detection # Now perform binary detection
for SCANDIR in ${BIN_PATHS}; do for SCANDIR in ${BIN_PATHS}; do
SCANDIR=$(echo "$SCANDIR" | sed 's/!!space!!/ /g')
LogText "Test: Checking binaries in directory ${SCANDIR}" LogText "Test: Checking binaries in directory ${SCANDIR}"
ORGPATH="" ORGPATH=""
if [ -d ${SCANDIR} ]; then if [ -d "${SCANDIR}" ]; then
SKIPDIR=0 SKIPDIR=0
if [ -L ${SCANDIR} ]; then if [ -L "${SCANDIR}" ]; then
LogText "Result: directory exists, but is actually a symlink" LogText "Result: directory exists, but is actually a symlink"
ShowSymlinkPath ${SCANDIR} ShowSymlinkPath ${SCANDIR}
if [ ${FOUNDPATH} -eq 1 ]; then if [ ${FOUNDPATH} -eq 1 ]; then
@ -109,7 +110,7 @@
LogText "Directory ${SCANDIR} exists. Starting directory scanning..." LogText "Directory ${SCANDIR} exists. Starting directory scanning..."
# Show the contents of the directory with binaries, ignore directories # Show the contents of the directory with binaries, ignore directories
FIND=$(ls -p ${SCANDIR} | grep -v '/$') FIND=$(ls -p "${SCANDIR}" | grep -v '/$')
for FILENAME in ${FIND}; do for FILENAME in ${FIND}; do
COUNT=$((COUNT + 1)) COUNT=$((COUNT + 1))
BINARY="${SCANDIR}/${FILENAME}" BINARY="${SCANDIR}/${FILENAME}"
@ -293,7 +294,7 @@
# unset SORTED_BIN_PATHS # unset SORTED_BIN_PATHS
BINARY_SCAN_FINISHED=1 BINARY_SCAN_FINISHED=1
BINARY_PATHS_FOUND=$(echo ${BINARY_PATHS_FOUND} | sed 's/^, //g' | sed 's/ //g') BINARY_PATHS_FOUND=$(echo ${BINARY_PATHS_FOUND} | sed 's/^, //g' | sed 's/, /,/g')
LogText "Discovered directories: ${BINARY_PATHS_FOUND}" LogText "Discovered directories: ${BINARY_PATHS_FOUND}"
LogText "Result: found ${COUNT} binaries" LogText "Result: found ${COUNT} binaries"
Report "binaries_count=${COUNT}" Report "binaries_count=${COUNT}"