From 0fa23e77598f6f6e7f4528f720bf696dd91ee811 Mon Sep 17 00:00:00 2001 From: "Carlos A. Parra F" Date: Wed, 24 Mar 2021 10:54:46 +0100 Subject: [PATCH 1/5] Replaced instances from non-standard "which" with equivalent "command -v". --- tools/gvm-lsc-deb-creator | 6 +++--- tools/gvm-lsc-rpm-creator | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/tools/gvm-lsc-deb-creator b/tools/gvm-lsc-deb-creator index 2be768852..dd79e40a9 100755 --- a/tools/gvm-lsc-deb-creator +++ b/tools/gvm-lsc-deb-creator @@ -92,19 +92,19 @@ CONTROL_DIR="${PACKAGE_BASE_DIR}/DEBIAN" # # Test dependencies # -if [ -z "$(which dpkg)" ] +if [ -z "$(command -v dpkg)" ] then echo "dpkg not found" >&2 exit 1 fi -if [ -z "$(which fakeroot)" ] +if [ -z "$(command -v fakeroot)" ] then echo "fakeroot not found" >&2 exit 1 fi -if [ -z "$(which md5sum)" ] +if [ -z "$(command -v md5sum)" ] then echo "md5sum not found" >&2 exit 1 diff --git a/tools/gvm-lsc-rpm-creator b/tools/gvm-lsc-rpm-creator index b77b4f3dd..33b45f524 100755 --- a/tools/gvm-lsc-rpm-creator +++ b/tools/gvm-lsc-rpm-creator @@ -78,13 +78,13 @@ SPEC_DIR="${TEMP_DIR}" # # Test dependencies # -if [ -z "$(which fakeroot)" ] +if [ -z "$(command -v fakeroot)" ] then echo "fakeroot not found" >&2 exit 1 fi -if [ -z "$(which rpmbuild)" ] +if [ -z "$(command -v rpmbuild)" ] then echo "rpmbuild not found" >&2 exit 1 From b1684bbfb9c45f95f68db5eaad0098eab6911197 Mon Sep 17 00:00:00 2001 From: "Carlos A. Parra F" Date: Wed, 24 Mar 2021 11:08:42 +0100 Subject: [PATCH 2/5] Added missing warnings to 'cd' command in case of fail. --- tools/gvm-lsc-deb-creator | 8 ++++---- tools/gvm-lsc-rpm-creator | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/tools/gvm-lsc-deb-creator b/tools/gvm-lsc-deb-creator index dd79e40a9..150b0878a 100755 --- a/tools/gvm-lsc-deb-creator +++ b/tools/gvm-lsc-deb-creator 
@@ -134,7 +134,7 @@ cp "${PUBKEY_FILE}" "${AUTH_KEYS_FILE}" mkdir -p "${DOC_DATA_DIR}" # Create Changelog -cd "${DOC_DATA_DIR}" +cd "${DOC_DATA_DIR}" || echo "'cd' somehow failed to access changelog dir." CHANGELOG_FILE="${DOC_DATA_DIR}/changelog.Debian" { echo "${PACKAGE_NAME} (${PACKAGE_VERSION}) experimental; urgency=low" @@ -160,7 +160,7 @@ COPYRIGHT_FILE="${DOC_DATA_DIR}/copyright" } > "${COPYRIGHT_FILE}" # Create data archive -cd "${DATA_DIR}" +cd "${DATA_DIR}" || echo "'cd' somehow failed to access data dir." tar -C "${DATA_DIR}" -acf "../data.tar.xz" "${HOME_SUBDIR}" "${DOC_SUBDIR}" @@ -226,7 +226,7 @@ chmod "0755" "${POSTRM_FILE}" # Calculate md5 checksums MD5SUMS_FILE="${CONTROL_DIR}/md5sums" -cd "${DATA_DIR}" +cd "${DATA_DIR}" || echo "'cd' somehow failed to access data dir." { md5sum "${HOME_SUBDIR}/.ssh/authorized_keys" md5sum "${DOC_SUBDIR}/changelog.Debian.gz" @@ -238,5 +238,5 @@ cd "${DATA_DIR}" # # Combine into .deb file -cd "${TEMP_DIR}" +cd "${TEMP_DIR}" || echo "'cd' somehow failed ti access temporary dir." fakeroot -- dpkg --build "${PACKAGE_NAME_VERSION}" "${OUTPUT_PATH}" diff --git a/tools/gvm-lsc-rpm-creator b/tools/gvm-lsc-rpm-creator index 33b45f524..0c15b5793 100755 --- a/tools/gvm-lsc-rpm-creator +++ b/tools/gvm-lsc-rpm-creator @@ -173,7 +173,7 @@ SPEC_FILE="${SPEC_DIR}/${PACKAGE_NAME_VERSION}.spec" # # Build package -cd "$TEMP_DIR" +cd "$TEMP_DIR" || echo "'cd' somehow failed to access temporary dir." fakeroot -- rpmbuild --bb "${SPEC_FILE}" --buildroot "${BUILD_ROOT_DIR}" # Move package to new destination From 72b0a333b0b1688be89de81801534a82ef42de19 Mon Sep 17 00:00:00 2001 
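Review bot: The `|| echo` added after each `cd` reports the failure but lets the script continue in whatever directory it was in, so the steps that depend on the working directory (the relative `../data.tar.xz` output, the relative `md5sum` paths, `fakeroot -- dpkg --build` and `fakeroot -- rpmbuild`) would run against the wrong tree. The message also goes to stdout, unlike the `>&2` used by the dependency checks in the same scripts. Make the failure fatal, e.g. `cd "${DATA_DIR}" || { echo "cannot cd to ${DATA_DIR}" >&2; exit 1; }`, and do the same for the other three `cd` lines in tools/gvm-lsc-deb-creator and the one in tools/gvm-lsc-rpm-creator. The `TEMP_DIR` message in the deb creator also has a typo ("ti access").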
From: "Carlos A. Parra F" Date: Wed, 24 Mar 2021 11:29:50 +0100 Subject: [PATCH 3/5] Replaced legacy `..` with equivalent $(..). --- src/alert_methods/SCP/alert | 12 ++++++------ src/alert_methods/TippingPoint/alert | 10 +++++----- src/alert_methods/vFire/alert | 2 +- tools/create-gvm-migrate-config | 2 +- tools/greenbone-feed-sync.in | 16 ++++++++-------- tools/gvm-export-config | 8 ++++---- tools/gvm-manage-certs.in | 2 +- tools/gvm-migrate-config | 2 +- 8 files changed, 27 insertions(+), 27 deletions(-) diff --git a/src/alert_methods/SCP/alert b/src/alert_methods/SCP/alert index a75563ab6..24b0d871b 100755 --- a/src/alert_methods/SCP/alert +++ b/src/alert_methods/SCP/alert @@ -26,15 +26,15 @@ PRIVATE_KEY_FILE=$5 PASSWORD_FILE=$6 REPORT_FILE=$7 -KNOWN_HOSTS_FILE=`mktemp` || exit 1 +KNOWN_HOSTS_FILE=$(mktemp) || exit 1 echo $KNOWN_HOSTS > $KNOWN_HOSTS_FILE -ERROR_FILE=`mktemp` || exit 1 +ERROR_FILE=$(mktemp) || exit 1 log_error() { # remove \r used in line feed by scp or sshpass (\r\n) # which can make journalctl interpret the output as blob data - MESSAGE=`echo "$1" | tr -d '\r'` + MESSAGE=$(echo "$1" | tr -d '\r') logger "SCP alert: $MESSAGE" echo "$MESSAGE" >&2 } 
@@ -51,18 +51,18 @@ then fi # Escape destination because it is also expanded on the remote end. -DEST_ESC=`shell_esc "$DEST"` +DEST_ESC=$(shell_esc "$DEST") if [ -z "$PRIVATE_KEY_FILE" ] then timeout $TIMEOUT sshpass -f ${PASSWORD_FILE} scp -o HashKnownHosts=no -o UserKnownHostsFile="${KNOWN_HOSTS_FILE} ~/.ssh/known_hosts ~/.ssh/known_hosts2 /etc/ssh/ssh_known_hosts" "${REPORT_FILE}" "${USERNAME}@${HOST}:${DEST_ESC}" 2>$ERROR_FILE else - timeout $TIMEOUT sshpass -f ${PASSWORD_FILE} -P "passphrase" scp -i "$PRIVATE_KEY_FILE" -o PasswordAuthentication=no -o HashKnownHosts=no -o UserKnownHostsFile="${KNOWN_HOSTS_FILE} ~/.ssh/known_hosts ~/.ssh/known_hosts2 /etc/ssh/ssh_known_hosts" "${REPORT_FILE}" "${USERNAME}@${HOST}:${DEST_ESC}" 2>$ERROR_FILE + timeout $TIMEOUT sshpass -f ${PASSWORD_FILE} -P "passphrase" scp -i "$PRIVATE_KEY_FILE" -o PasswordAuthentication=no -o HashKnownHosts=no -o UserKnownHostsFile="${KNOWN_HOSTS_FILE} ~/.ssh/known_hosts ~/.ssh/known_hosts2 /etc/ssh/ssh_known_hosts" "${REPORT_FILE}" "${USERNAME}@${HOST}:${DEST_ESC}" 2>"$ERROR_FILE" fi EXIT_CODE=$? -ERROR_SHORT=`head -n 3 $ERROR_FILE` +ERROR_SHORT=$(head -n 3 "$ERROR_FILE") if [ $EXIT_CODE -eq 1 ] then diff --git a/src/alert_methods/TippingPoint/alert b/src/alert_methods/TippingPoint/alert index fcef4d5d7..f2ffdc965 100644 --- a/src/alert_methods/TippingPoint/alert +++ b/src/alert_methods/TippingPoint/alert @@ -32,7 +32,7 @@ urlencode () { } # Create temp file for converted report -REPORT_DATE=$(xmlstarlet sel -t -v "report/timestamp" < $REPORT_PATH) +REPORT_DATE=$(xmlstarlet sel -t -v "report/timestamp" < "$REPORT_PATH") EXIT_CODE=$? if [ 0 -ne $EXIT_CODE ] then @@ -41,7 +41,7 @@ fi REPORT_DATE=$(date -d "$REPORT_DATE" +%Y%m%d%H%M%S) -CONVERTED_PATH=$(mktemp "$(dirname ${REPORT_PATH})/report-${REPORT_DATE}-XXXXXX.csv") +CONVERTED_PATH=$(mktemp "$(dirname "${REPORT_PATH}")/report-${REPORT_DATE}-XXXXXX.csv") EXIT_CODE=$? if [ 0 -ne $EXIT_CODE ] then 
@@ -58,7 +58,7 @@ then fi # Get and reformat scan run times -START_TIME=$(xmlstarlet sel -t -v "report/scan_start" < $REPORT_PATH) +START_TIME=$(xmlstarlet sel -t -v "report/scan_start" < "$REPORT_PATH") EXIT_CODE=$? if [ 0 -ne $EXIT_CODE ] then @@ -66,7 +66,7 @@ then fi START_TIME=$(TZ=UTC date -d "$START_TIME" +%Y-%m-%dT%H:%M:%S.000Z) -END_TIME=$(xmlstarlet sel -t -v "report/scan_end" < $REPORT_PATH) +END_TIME=$(xmlstarlet sel -t -v "report/scan_end" < "$REPORT_PATH") EXIT_CODE=$? if [ 0 -ne $EXIT_CODE ] then @@ -81,7 +81,7 @@ PRODUCT=$(urlencode "Greenbone Vulnerability Manager") FORMAT_VERSION=$(urlencode "1.0.0") CN_REPLACEMENT="Tippingpoint" -if [ "1" = $CERT_WORKAROUND ] +if [ "1" = "$CERT_WORKAROUND" ] then HTTP_CODE=$(curl -s -w ' - Status code %{http_code}' -F "file=@$CONVERTED_PATH" --netrc-file "$AUTH_PATH" "https://$CN_REPLACEMENT/vulnscanner/import?vendor=$VENDOR&product=$PRODUCT&version=$FORMAT_VERSION&runtime=$RUNTIME" --cacert "$CERT_PATH" --resolve "$CN_REPLACEMENT:443:$SMS_ADDRESS") CURL_EXIT="$?" diff --git a/src/alert_methods/vFire/alert b/src/alert_methods/vFire/alert index 44e26a5d1..e98508b3c 100644 --- a/src/alert_methods/vFire/alert +++ b/src/alert_methods/vFire/alert @@ -17,7 +17,7 @@ # along with this program. If not, see . ALERT_CONFIG="$1" -CONNECTOR=`which greenbone_vfire_connector` +CONNECTOR=$(which greenbone_vfire_connector) if [ -z "$ALERT_CONFIG" ] then diff --git a/tools/create-gvm-migrate-config b/tools/create-gvm-migrate-config index acc88b746..a184ecac2 100755 --- a/tools/create-gvm-migrate-config +++ b/tools/create-gvm-migrate-config @@ -67,7 +67,7 @@ cat > gvm-migrate-config << 'OUTER' # Make a temp dir. -TMP=`mktemp -d` || exit 1 +TMP=$(mktemp -d) || exit 1 # Output a temporary XSL file to do the config conversion. diff --git a/tools/greenbone-feed-sync.in b/tools/greenbone-feed-sync.in index 0eaf3d42b..fd0e45068 100644 --- a/tools/greenbone-feed-sync.in +++ b/tools/greenbone-feed-sync.in 
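Review bot: `CONNECTOR=$(which greenbone_vfire_connector)` in src/alert_methods/vFire/alert still calls `which`, which the first patch of this series replaced elsewhere as non-standard. The lookup should read `CONNECTOR=$(command -v greenbone_vfire_connector)`. How `CONNECTOR` is used afterwards lies outside the hunk.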
@@ -126,7 +126,7 @@ else fi -RSYNC=`command -v rsync` +RSYNC=$(command -v rsync) # Current supported feed types (for --type parameter) FEED_TYPES_SUPPORTED="CERT, SCAP or GVMD_DATA" @@ -250,7 +250,7 @@ init_feed_type () { write_feed_xml () { if [ -r $TIMESTAMP ] then - FEED_VERSION=`cat $TIMESTAMP` + FEED_VERSION=$(cat $TIMESTAMP) else FEED_VERSION=0 fi @@ -271,7 +271,7 @@ write_feed_xml () { } create_tmp_key () { - KEYTEMPDIR=`mktemp -d` + KEYTEMPDIR=$(mktemp -d) cp "$ACCESSKEY" "$KEYTEMPDIR" TMPACCESSKEY="$KEYTEMPDIR/gsf-access-key" chmod 400 "$TMPACCESSKEY" @@ -325,7 +325,7 @@ get_value () is_feed_current () { if [ -r $TIMESTAMP ] then - FEED_VERSION=`cat $TIMESTAMP` + FEED_VERSION=$(cat $TIMESTAMP) fi if [ -z "$FEED_VERSION" ] @@ -335,12 +335,12 @@ is_feed_current () { return $FEED_CURRENT fi - FEED_INFO_TEMP_DIR=`mktemp -d` + FEED_INFO_TEMP_DIR=$(mktemp -d) if [ -e $ACCESSKEY ] then read feeduser < $ACCESSKEY - custid_at_host=`head -1 $ACCESSKEY | cut -d : -f 1` + custid_at_host=$(head -1 $ACCESSKEY | cut -d : -f 1) if [ -z "$feeduser" ] || [ -z "$custid_at_host" ] then @@ -390,7 +390,7 @@ is_feed_current () { fi fi - FEED_VERSION_SERVER=`cat "$FEED_INFO_TEMP_DIR/timestamp"` + FEED_VERSION_SERVER=$(cat "$FEED_INFO_TEMP_DIR/timestamp") if [ -z "$FEED_VERSION_SERVER" ] then @@ -470,7 +470,7 @@ sync_feed_data(){ mkdir -p "$FEED_DIR" read feeduser < $ACCESSKEY - custid_at_host=`head -1 $ACCESSKEY | cut -d : -f 1` + custid_at_host=$(head -1 $ACCESSKEY | cut -d : -f 1) if [ -z "$feeduser" ] || [ -z "$custid_at_host" ] then diff --git a/tools/gvm-export-config b/tools/gvm-export-config index 8abe34396..60f269dd5 100755 --- a/tools/gvm-export-config +++ b/tools/gvm-export-config 
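Review bot: `[ -r $TIMESTAMP ]` and `$(cat $TIMESTAMP)` in write_feed_xml and is_feed_current leave the expansion unquoted, and tools/greenbone-feed-sync.in is not among the files touched by the later quoting patch in this series. With an empty `TIMESTAMP` the test collapses to `[ -r ]`, which is true, and `cat` then reads standard input. Use `[ -r "$TIMESTAMP" ]` and `FEED_VERSION=$(cat "$TIMESTAMP")`; the same applies to `[ -e $ACCESSKEY ]`, `read feeduser < $ACCESSKEY` and `head -1 $ACCESSKEY` in is_feed_current and sync_feed_data, where `read -r feeduser < "$ACCESSKEY"` would also stop backslash processing. All of these functions continue outside their hunks.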
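Review bot: `KEYTEMPDIR=$(mktemp -d)` in create_tmp_key and `FEED_INFO_TEMP_DIR=$(mktemp -d)` in is_feed_current have no failure check, although the same series writes `$(mktemp -d) || exit 1` in tools/gvm-migrate-config. If mktemp fails, `KEYTEMPDIR` is empty, so `cp "$ACCESSKEY" "$KEYTEMPDIR"` gets an empty destination and `TMPACCESSKEY` becomes `/gsf-access-key` at the filesystem root. Add the check, e.g. `KEYTEMPDIR=$(mktemp -d) || { echo "mktemp failed" >&2; exit 1; }`. `GVM_CERT_DIR=$(mktemp -d)` in set_up of tools/gvm-manage-certs.in has the same gap.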
@@ -45,15 +45,15 @@ sql () { echo "" echo -n " " -echo -n `sql "SELECT name FROM configs WHERE uuid = '$UUID'"` +echo -n $(sql "SELECT name FROM configs WHERE uuid = '$UUID'") echo "" echo -n " " -echo -n `sql "SELECT comment FROM configs WHERE uuid = '$UUID'"` +echo -n $(sql "SELECT comment FROM configs WHERE uuid = '$UUID'") echo "" echo -n " " -echo -n `sql "SELECT type FROM configs WHERE uuid = '$UUID'"` +echo -n $(sql "SELECT type FROM configs WHERE uuid = '$UUID'") echo "" echo " scan" @@ -68,7 +68,7 @@ echo " " echo " " -SELECTOR=`sql "SELECT nvt_selector FROM configs WHERE uuid='${UUID}';"` +SELECTOR=$(sql "SELECT nvt_selector FROM configs WHERE uuid='${UUID}';") if [ "$SELECTOR" = "54b45713-d4f4-4435-b20d-304c175ed8c5" ]; then echo " " else diff --git a/tools/gvm-manage-certs.in b/tools/gvm-manage-certs.in index dd986c028..4eee940b7 100644 --- a/tools/gvm-manage-certs.in +++ b/tools/gvm-manage-certs.in @@ -196,7 +196,7 @@ set_up () if [ -z "$GVM_CERT_DIR" ] then USE_TEMP_DIR=1 - GVM_CERT_DIR=`mktemp -d` + GVM_CERT_DIR=$(mktemp -d) log_verbose "Using $GVM_CERT_DIR to temporarily store files." else USE_TEMP_DIR=0 diff --git a/tools/gvm-migrate-config b/tools/gvm-migrate-config index a05879a37..0e26d87ef 100755 --- a/tools/gvm-migrate-config +++ b/tools/gvm-migrate-config @@ -24,7 +24,7 @@ # Make a temp dir. -TMP=`mktemp -d` || exit 1 +TMP=$(mktemp -d) || exit 1 # Output a temporary XSL file to do the config conversion. From fce467d3ffb4abd69d3e6a998d9e08892b9779eb Mon Sep 17 00:00:00 2001 
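Review bot: `echo -n $(sql "SELECT name FROM configs WHERE uuid = '$UUID'")` places `$UUID` straight into the SQL text, so the value should be checked against the UUID format before the first query, e.g. `case "$UUID" in ''|*[!0-9a-fA-F-]*) echo "invalid UUID" >&2; exit 1;; esac`; where `UUID` is set is outside the hunk. The unquoted `$(...)` is also word-split and glob-expanded, and `echo -n` is not portable under POSIX sh; `printf '%s' "$(sql "...")"` avoids both. The same interpolation appears in the `comment` and `type` lines and in the `SELECTOR=` hunk of tools/gvm-export-config.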
From: "Carlos A. Parra F" Date: Wed, 24 Mar 2021 12:36:47 +0100 Subject: [PATCH 4/5] Satisfied all remaining shellcheck warnings: * Replaced all remaining $.. with "$..". * Replaced raw $? checks with better ||, && and "if" checks. * Packed chains of 'echo ".." >> $x; echo ".." >> $x' with better '{ echo ".."; echo ".." } >> $x'. * exported locally unused variables (that are probably needed by other scripts). --- src/alert_methods/SCP/alert | 12 +- src/alert_methods/SNMP/alert | 4 +- src/alert_methods/Send/alert | 2 +- src/alert_methods/Sourcefire/alert | 2 +- src/alert_methods/verinice/alert | 2 +- src/schema_formats/HTML/generate | 2 +- src/schema_formats/RNC/generate | 2 +- src/schema_formats/XML-brief/generate | 2 +- src/schema_formats/XML/generate | 2 +- tools/gvm-manage-certs.in | 165 ++++++++++++-------------- 10 files changed, 90 insertions(+), 105 deletions(-) diff --git a/src/alert_methods/SCP/alert b/src/alert_methods/SCP/alert index 24b0d871b..a722c6686 100755 --- a/src/alert_methods/SCP/alert +++ b/src/alert_methods/SCP/alert @@ -27,7 +27,7 @@ PASSWORD_FILE=$6 REPORT_FILE=$7 KNOWN_HOSTS_FILE=$(mktemp) || exit 1 -echo $KNOWN_HOSTS > $KNOWN_HOSTS_FILE +echo "$KNOWN_HOSTS" > "$KNOWN_HOSTS_FILE" ERROR_FILE=$(mktemp) || exit 1 
@@ -55,9 +55,9 @@ DEST_ESC=$(shell_esc "$DEST") if [ -z "$PRIVATE_KEY_FILE" ] then - timeout $TIMEOUT sshpass -f ${PASSWORD_FILE} scp -o HashKnownHosts=no -o UserKnownHostsFile="${KNOWN_HOSTS_FILE} ~/.ssh/known_hosts ~/.ssh/known_hosts2 /etc/ssh/ssh_known_hosts" "${REPORT_FILE}" "${USERNAME}@${HOST}:${DEST_ESC}" 2>$ERROR_FILE + timeout "$TIMEOUT" sshpass -f "${PASSWORD_FILE}" scp -o HashKnownHosts=no -o UserKnownHostsFile="${KNOWN_HOSTS_FILE} ~/.ssh/known_hosts ~/.ssh/known_hosts2 /etc/ssh/ssh_known_hosts" "${REPORT_FILE}" "${USERNAME}@${HOST}:${DEST_ESC}" 2>"$ERROR_FILE" else - timeout $TIMEOUT sshpass -f ${PASSWORD_FILE} -P "passphrase" scp -i "$PRIVATE_KEY_FILE" -o PasswordAuthentication=no -o HashKnownHosts=no -o UserKnownHostsFile="${KNOWN_HOSTS_FILE} ~/.ssh/known_hosts ~/.ssh/known_hosts2 /etc/ssh/ssh_known_hosts" "${REPORT_FILE}" "${USERNAME}@${HOST}:${DEST_ESC}" 2>"$ERROR_FILE" + timeout "$TIMEOUT" sshpass -f "${PASSWORD_FILE}" -P "passphrase" scp -i "$PRIVATE_KEY_FILE" -o PasswordAuthentication=no -o HashKnownHosts=no -o UserKnownHostsFile="${KNOWN_HOSTS_FILE} ~/.ssh/known_hosts ~/.ssh/known_hosts2 /etc/ssh/ssh_known_hosts" "${REPORT_FILE}" "${USERNAME}@${HOST}:${DEST_ESC}" 2>"$ERROR_FILE" fi EXIT_CODE=$? @@ -93,8 +93,8 @@ then log_error "sshpass failed with exit code ${EXIT_CODE}: $ERROR_SHORT" fi -rm $KNOWN_HOSTS_FILE -rm $PASSWORD_FILE -rm $ERROR_FILE +rm "$KNOWN_HOSTS_FILE" +rm "$PASSWORD_FILE" +rm "$ERROR_FILE" exit $EXIT_CODE diff --git a/src/alert_methods/SNMP/alert b/src/alert_methods/SNMP/alert index a48057c93..c165a5b63 100755 --- a/src/alert_methods/SNMP/alert +++ b/src/alert_methods/SNMP/alert 
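Review bot: The three `rm` lines at the end of src/alert_methods/SCP/alert run only when the script gets that far, so an earlier exit leaves the files behind; `ERROR_FILE=$(mktemp) || exit 1` near the top, for one, exits after `KNOWN_HOSTS_FILE` has been created and without removing `PASSWORD_FILE`. Registering the cleanup once, right after `KNOWN_HOSTS_FILE` is created, covers every exit path: `trap 'rm -f -- "$KNOWN_HOSTS_FILE" "$PASSWORD_FILE" "$ERROR_FILE"' EXIT`. The code between the scp call and the cleanup is outside these hunks, so other early exits could not be checked.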
@@ -22,12 +22,12 @@ COMMUNITY=$1 AGENT=$2 # Host. MESSAGE=$3 -OUTPUT=$(snmptrap -v 2c -c $COMMUNITY $AGENT '' .1.3.6.1.6.3 0 s "$MESSAGE" 2>&1) +OUTPUT=$(snmptrap -v 2c -c "$COMMUNITY" "$AGENT" '' .1.3.6.1.6.3 0 s "$MESSAGE" 2>&1) EXIT_CODE=$? if [ "0" -ne "$EXIT_CODE" ] then - echo "snmptrap failed with code $EXIT_CODE:\n$OUTPUT" >&2 + printf 'snmptrap failed with code %s:\n%s\n' "$EXIT_CODE" "$OUTPUT">&2 exit $EXIT_CODE fi diff --git a/src/alert_methods/Send/alert b/src/alert_methods/Send/alert index 182a2b691..0df90b26b 100755 --- a/src/alert_methods/Send/alert +++ b/src/alert_methods/Send/alert @@ -18,6 +18,6 @@ # Escalator method script: Send. -cat $3 | socat -t 0 - TCP:$1:$2 +socat -t 0 - TCP:"$1":"$2" < "$3" EXIT_CODE=$? exit $EXIT_CODE diff --git a/src/alert_methods/Sourcefire/alert b/src/alert_methods/Sourcefire/alert index b3979cf0d..20a26c36e 100755 --- a/src/alert_methods/Sourcefire/alert +++ b/src/alert_methods/Sourcefire/alert @@ -18,6 +18,6 @@ # Escalator method script: Sourcefire connector. -greenbone_sourcefire_connector -server=$1 -port=$2 -pkcs12=$3 -password="$5" $4 +greenbone_sourcefire_connector -server="$1" -port="$2" -pkcs12="$3" -password="$5" "$4" EXIT_CODE=$? exit $EXIT_CODE diff --git a/src/alert_methods/verinice/alert b/src/alert_methods/verinice/alert index 137f28b80..165cadc9a 100755 --- a/src/alert_methods/verinice/alert +++ b/src/alert_methods/verinice/alert @@ -18,6 +18,6 @@ # Escalator method script: verinice connector. -greenbone_verinice_connector $1 $2 $3 $4 +greenbone_verinice_connector "$1" "$2" "$3" "$4" EXIT_CODE=$? exit $EXIT_CODE diff --git a/src/schema_formats/HTML/generate b/src/schema_formats/HTML/generate index dc9276624..3ab5c309c 100755 --- a/src/schema_formats/HTML/generate +++ b/src/schema_formats/HTML/generate @@ -21,4 +21,4 @@ # This schema generator creates a single HTML file from the XML schema using # an XSL transformation via the tool xsltproc. -xsltproc ./HTML.xsl $1 +xsltproc ./HTML.xsl "$1" 
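Review bot: In src/alert_methods/Send/alert, `socat -t 0 - TCP:"$1":"$2" < "$3"` quotes the arguments for the shell, but socat still parses the assembled address string itself, so a host or port value containing `,` or `:` is read as part of the address specification rather than as data. If these values come from the alert configuration (not visible here), validate them before the call, e.g. `case "$2" in ''|*[!0-9]*) echo "invalid port" >&2; exit 1;; esac`, with a similar allow-list that restricts `$1` to hostname or address characters.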
diff --git a/src/schema_formats/RNC/generate b/src/schema_formats/RNC/generate index 960f05617..f5f9a0cd6 100755 --- a/src/schema_formats/RNC/generate +++ b/src/schema_formats/RNC/generate @@ -21,4 +21,4 @@ # This schema generator creates a single RNC file from the XML schema using # an XSL transformation via the tool xsltproc. -xsltproc ./RNC.xsl $1 +xsltproc ./RNC.xsl "$1" diff --git a/src/schema_formats/XML-brief/generate b/src/schema_formats/XML-brief/generate index c87b898c1..32ad61196 100755 --- a/src/schema_formats/XML-brief/generate +++ b/src/schema_formats/XML-brief/generate @@ -21,4 +21,4 @@ # This schema generator creates a brief XML description of the protocol. # Basically just the command list. -xsltproc ./GMP.xsl $1 +xsltproc ./GMP.xsl "$1" diff --git a/src/schema_formats/XML/generate b/src/schema_formats/XML/generate index 195cc804b..da5977766 100755 --- a/src/schema_formats/XML/generate +++ b/src/schema_formats/XML/generate @@ -21,5 +21,5 @@ # This schema generator is the most trivial one as it simply passes on the # GMP XML schema as is. -cat $1 +cat "$1" exit 0 diff --git a/tools/gvm-manage-certs.in b/tools/gvm-manage-certs.in index 4eee940b7..62b366b24 100644 --- a/tools/gvm-manage-certs.in +++ b/tools/gvm-manage-certs.in @@ -37,7 +37,7 @@ SERVER_CERTIFICATE=2 CLIENT_CERTIFICATE=3 log_write () { - if [ $QUIET -ne 1 ] + if [ "$QUIET" -ne 1 ] then $LOG_CMD -p daemon.info "$1" echo "$1" @@ -50,7 +50,7 @@ log_err () { } log_debug () { - if [ $DEBUG -eq 1 ] + if [ "$DEBUG" -eq 1 ] then $LOG_CMD -p daemon.debug "$1" echo "$1" @@ -58,7 +58,7 @@ log_debug () { } log_verbose () { - if [ $VERBOSE -eq 1 ] + if [ "$VERBOSE" -eq 1 ] then log_write "$1" fi 
@@ -84,11 +84,7 @@ set_defaults () { # Hostname if [ -z "$GVM_CERTIFICATE_HOSTNAME" ] then - GVM_CERTIFICATE_HOSTNAME=$(hostname --fqdn 2> /dev/null) - if [ $? -ne 0 ] - then - GVM_CERTIFICATE_HOSTNAME="localhost" - fi + GVM_CERTIFICATE_HOSTNAME=$(hostname --fqdn 2> /dev/null) || GVM_CERTIFICATE_HOSTNAME="localhost" fi # Certificate Authority (CA) Certificate Parameters @@ -232,8 +228,7 @@ set_up_directories () if [ ! -d "$GVM_CERT_LOCATION" ] then - mkdir -p "$GVM_CERT_LOCATION" - if [ $? -ne 0 ] + if ! mkdir -p "$GVM_CERT_LOCATION" then log_err "ERROR: Failed to create certificate directory ($GVM_CERT_LOCATION). Aborting." exit 1 @@ -242,8 +237,7 @@ set_up_directories () if [ ! -d "$GVM_KEY_LOCATION" ] then - mkdir -p "$GVM_KEY_LOCATION" - if [ $? -ne 0 ] + if ! mkdir -p "$GVM_KEY_LOCATION" then log_err "ERROR: Failed to create private key directory ($GVM_KEY_LOCATION). Aborting." exit 1 @@ -281,14 +275,12 @@ create_private_key () # Create a private key certtool \ - --generate-privkey $CERTTOOL_PRIVKEY_PARAM \ + --generate-privkey "$CERTTOOL_PRIVKEY_PARAM" \ --outfile "$1" \ - >> "$CERTTOOL_LOGFILE" 2>&1 - if [ $? -ne 0 ] - then + >> "$CERTTOOL_LOGFILE" 2>&1 || { log_err "ERROR: Failed to generate private key, see $CERTTOOL_LOGFILE for details. Aborting." exit 1 - fi + } log_write "Generated private key in $1." } @@ -300,16 +292,16 @@ add_san_settings () do case "$i" in *.*.*.*) - echo "ip_address = \"$i\"" >> $GVM_CERT_TEMPLATE_FILENAME + echo "ip_address = \"$i\"" >> "$GVM_CERT_TEMPLATE_FILENAME" ;; http*) - echo "uri = \"$i\"" >> $GVM_CERT_TEMPLATE_FILENAME + echo "uri = \"$i\"" >> "$GVM_CERT_TEMPLATE_FILENAME" ;; *.*) - echo "dns_name = \"$i\"" >> $GVM_CERT_TEMPLATE_FILENAME + echo "dns_name = \"$i\"" >> "$GVM_CERT_TEMPLATE_FILENAME" ;; localhost ) - echo "dns_name = \"localhost\"" >> $GVM_CERT_TEMPLATE_FILENAME + echo "dns_name = \"localhost\"" >> "$GVM_CERT_TEMPLATE_FILENAME" ;; *) log_verbose "Invalid formatting for SAN: $i" 
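Review bot: Quoting `"$CERTTOOL_PRIVKEY_PARAM"` in create_private_key changes what certtool receives: an empty value now becomes an empty argument, and a value holding an option together with its argument is passed as one word. The assignment is outside the hunk, so this needs checking before merge. If the variable is meant to carry zero or more options, keep the expansion unquoted and say so: `# shellcheck disable=SC2086 # intentionally split into separate options`. create_private_key starts outside the hunk.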
@@ -328,105 +320,105 @@ create_certificate () rm -f "$GVM_CERT_TEMPLATE_FILENAME" # Create template using parameters - if [ $CERTIFICATE_TYPE -eq $CA_CERTIFICATE ] + if [ "$CERTIFICATE_TYPE" -eq "$CA_CERTIFICATE" ] then if [ -n "$GVM_CA_CERTIFICATE_LIFETIME" ] then - echo "expiration_days = $GVM_CA_CERTIFICATE_LIFETIME" >> $GVM_CERT_TEMPLATE_FILENAME + echo "expiration_days = $GVM_CA_CERTIFICATE_LIFETIME" >> "$GVM_CERT_TEMPLATE_FILENAME" fi if [ -n "$GVM_CA_CERTIFICATE_COUNTRY" ] then - echo "country = \"$GVM_CA_CERTIFICATE_COUNTRY\"" >> $GVM_CERT_TEMPLATE_FILENAME + echo "country = \"$GVM_CA_CERTIFICATE_COUNTRY\"" >> "$GVM_CERT_TEMPLATE_FILENAME" fi if [ -n "$GVM_CA_CERTIFICATE_STATE" ] then - echo "state = \"$GVM_CA_CERTIFICATE_STATE\"" >> $GVM_CERT_TEMPLATE_FILENAME + echo "state = \"$GVM_CA_CERTIFICATE_STATE\"" >> "$GVM_CERT_TEMPLATE_FILENAME" fi if [ -n "$GVM_CA_CERTIFICATE_LOCALITY" ] then - echo "locality = \"$GVM_CA_CERTIFICATE_LOCALITY\"" >> $GVM_CERT_TEMPLATE_FILENAME + echo "locality = \"$GVM_CA_CERTIFICATE_LOCALITY\"" >> "$GVM_CERT_TEMPLATE_FILENAME" fi if [ -n "$GVM_CA_CERTIFICATE_ORG" ] then - echo "organization = \"$GVM_CA_CERTIFICATE_ORG\"" >> $GVM_CERT_TEMPLATE_FILENAME + echo "organization = \"$GVM_CA_CERTIFICATE_ORG\"" >> "$GVM_CERT_TEMPLATE_FILENAME" fi if [ -n "$GVM_CA_CERTIFICATE_ORG_UNIT" ] then - echo "unit = \"$GVM_CA_CERTIFICATE_ORG_UNIT\"" >> $GVM_CERT_TEMPLATE_FILENAME + echo "unit = \"$GVM_CA_CERTIFICATE_ORG_UNIT\"" >> "$GVM_CERT_TEMPLATE_FILENAME" fi if [ -n "$GVM_CA_CERTIFICATE_HOSTNAME" ] then - echo "cn = \"$GVM_CA_CERTIFICATE_HOSTNAME\"" >> $GVM_CERT_TEMPLATE_FILENAME + echo "cn = \"$GVM_CA_CERTIFICATE_HOSTNAME\"" >> "$GVM_CERT_TEMPLATE_FILENAME" fi if [ -n "$GVM_CA_CERTIFICATE_SAN" ] then - add_san_settings $GVM_CA_CERTIFICATE_SAN + add_san_settings "$GVM_CA_CERTIFICATE_SAN" fi else if [ -n "$GVM_CERTIFICATE_LIFETIME" ] then - echo "expiration_days = $GVM_CERTIFICATE_LIFETIME" >> $GVM_CERT_TEMPLATE_FILENAME + echo "expiration_days 
= $GVM_CERTIFICATE_LIFETIME" >> "$GVM_CERT_TEMPLATE_FILENAME" fi if [ -n "$GVM_CERTIFICATE_COUNTRY" ] then - echo "country = \"$GVM_CERTIFICATE_COUNTRY\"" >> $GVM_CERT_TEMPLATE_FILENAME + echo "country = \"$GVM_CERTIFICATE_COUNTRY\"" >> "$GVM_CERT_TEMPLATE_FILENAME" fi if [ -n "$GVM_CERTIFICATE_STATE" ] then - echo "state = \"$GVM_CERTIFICATE_STATE\"" >> $GVM_CERT_TEMPLATE_FILENAME + echo "state = \"$GVM_CERTIFICATE_STATE\"" >> "$GVM_CERT_TEMPLATE_FILENAME" fi if [ -n "$GVM_CERTIFICATE_LOCALITY" ] then - echo "locality = \"$GVM_CERTIFICATE_LOCALITY\"" >> $GVM_CERT_TEMPLATE_FILENAME + echo "locality = \"$GVM_CERTIFICATE_LOCALITY\"" >> "$GVM_CERT_TEMPLATE_FILENAME" fi if [ -n "$GVM_CERTIFICATE_ORG" ] then - echo "organization = \"$GVM_CERTIFICATE_ORG\"" >> $GVM_CERT_TEMPLATE_FILENAME + echo "organization = \"$GVM_CERTIFICATE_ORG\"" >> "$GVM_CERT_TEMPLATE_FILENAME" fi if [ -n "$GVM_CERTIFICATE_ORG_UNIT" ] then - echo "unit = \"$GVM_CERTIFICATE_ORG_UNIT\"" >> $GVM_CERT_TEMPLATE_FILENAME + echo "unit = \"$GVM_CERTIFICATE_ORG_UNIT\"" >> "$GVM_CERT_TEMPLATE_FILENAME" fi if [ -n "$GVM_CERTIFICATE_HOSTNAME" ] then - echo "cn = \"$GVM_CERTIFICATE_HOSTNAME\"" >> $GVM_CERT_TEMPLATE_FILENAME + echo "cn = \"$GVM_CERTIFICATE_HOSTNAME\"" >> "$GVM_CERT_TEMPLATE_FILENAME" fi if [ -n "$GVM_CERTIFICATE_SAN" ] then - add_san_settings $GVM_CERTIFICATE_SAN + add_san_settings "$GVM_CERTIFICATE_SAN" fi fi # Add key usage constraints if the certificate type is known - if [ $CERTIFICATE_TYPE -eq $CA_CERTIFICATE ] + if [ "$CERTIFICATE_TYPE" -eq "$CA_CERTIFICATE" ] then - echo "ca" >> $GVM_CERT_TEMPLATE_FILENAME - echo "cert_signing_key" >> $GVM_CERT_TEMPLATE_FILENAME - echo "crl_signing_key" >> $GVM_CERT_TEMPLATE_FILENAME + { echo "ca"; + echo "cert_signing_key"; + echo "crl_signing_key"; } >> "$GVM_CERT_TEMPLATE_FILENAME" fi - if [ $CERTIFICATE_TYPE -eq $SERVER_CERTIFICATE ] + if [ "$CERTIFICATE_TYPE" -eq "$SERVER_CERTIFICATE" ] then # This certificate will be used to encrypt data and sign 
data. # This is the keyEncipherment flag in RFC5280 terminology. - echo "encryption_key" >> $GVM_CERT_TEMPLATE_FILENAME - echo "signing_key" >> $GVM_CERT_TEMPLATE_FILENAME - echo "tls_www_server" >> $GVM_CERT_TEMPLATE_FILENAME + { echo "encryption_key"; + echo "signing_key"; + echo "tls_www_server"; } >> "$GVM_CERT_TEMPLATE_FILENAME" fi - if [ $CERTIFICATE_TYPE -eq $CLIENT_CERTIFICATE ] + if [ "$CERTIFICATE_TYPE" -eq "$CLIENT_CERTIFICATE" ] then # This certificate will be used to sign data. # This is the digitalSignature flag in RFC5280 terminology. - echo "signing_key" >> $GVM_CERT_TEMPLATE_FILENAME - echo "tls_www_client" >> $GVM_CERT_TEMPLATE_FILENAME + echo "signing_key" >> "$GVM_CERT_TEMPLATE_FILENAME" + echo "tls_www_client" >> "$GVM_CERT_TEMPLATE_FILENAME" fi - if [ $DEBUG -eq 1 ] + if [ "$DEBUG" -eq 1 ] then echo "DEBUG: Using the following template ($GVM_CERT_TEMPLATE_FILENAME):" >> "$CERTTOOL_LOGFILE" - cat $GVM_CERT_TEMPLATE_FILENAME >> "$CERTTOOL_LOGFILE" + cat "$GVM_CERT_TEMPLATE_FILENAME" >> "$CERTTOOL_LOGFILE" fi - if [ $CREATE_SELF_SIGNED -eq 1 ] + if [ "$CREATE_SELF_SIGNED" -eq 1 ] then # Create a self signed certificate log_verbose " Generating self signed certificate." @@ -436,12 +428,10 @@ create_certificate () --load-privkey "$GVM_KEY_FILENAME" \ --outfile "$GVM_CERT_FILENAME" \ --template "$GVM_CERT_TEMPLATE_FILENAME" \ - >> "$CERTTOOL_LOGFILE" 2>&1 - if [ $? -ne 0 ] - then + >> "$CERTTOOL_LOGFILE" 2>&1 || { log_err "ERROR: Failed to create self signed certificate, see $CERTTOOL_LOGFILE for details. Aborting." exit 1 - fi + } log_write "Generated self signed certificate in $GVM_CERT_FILENAME." else 
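Review bot: `add_san_settings "$GVM_CA_CERTIFICATE_SAN"` and `add_san_settings "$GVM_CERTIFICATE_SAN"` in create_certificate now pass the whole SAN list as a single argument. The `for` line of add_san_settings is outside its hunk; if it iterates over `"$@"`, a value with several space-separated names is classified and written to the template as one entry instead of one `ip_address`/`uri`/`dns_name` line per name. If the variable is a space-separated list, keep the call unquoted with `# shellcheck disable=SC2086 # SAN list is split on purpose`, or confirm that the loop splits the value itself.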
@@ -452,12 +442,10 @@ create_certificate () --load-privkey "$GVM_KEY_FILENAME" \ --outfile "$GVM_CERT_REQUEST_FILENAME" \ --template "$GVM_CERT_TEMPLATE_FILENAME" \ - >> "$CERTTOOL_LOGFILE" 2>&1 - if [ $? -ne 0 ] - then - log_err "ERROR: Failed to create certificate request, see $CERTTOOL_LOGFILE for details. Aborting." - exit 1 - fi + >> "$CERTTOOL_LOGFILE" 2>&1 || { + log_err "ERROR: Failed to create certificate request, see $CERTTOOL_LOGFILE for details. Aborting." + exit 1 + } log_write "Generated certificate request in $GVM_CERT_REQUEST_FILENAME." fi @@ -491,12 +479,10 @@ sign_certificate () --outfile "$GVM_CERT_FILENAME" \ --load-ca-certificate "$GVM_SIGNING_CA_CERT_FILENAME" \ --load-ca-privkey "$GVM_SIGNING_CA_KEY_FILENAME" \ - --template "$GVM_CERT_TEMPLATE_FILENAME" >> "$CERTTOOL_LOGFILE" 2>&1 - if [ $? -ne 0 ] - then - log_err "ERROR: Failed to sign certificate, see $CERTTOOL_LOGFILE for details. Aborting." - exit 1 - fi + --template "$GVM_CERT_TEMPLATE_FILENAME" >> "$CERTTOOL_LOGFILE" 2>&1 || { + log_err "ERROR: Failed to sign certificate, see $CERTTOOL_LOGFILE for details. Aborting." + exit 1 + } log_write "Signed certificate request in $GVM_CERT_REQUEST_FILENAME with CA certificate in $GVM_SIGNING_CA_CERT_FILENAME to generate certificate in $GVM_CERT_FILENAME" } @@ -527,14 +513,13 @@ install_cert () fi KEY_INSTALL="$GVM_KEY_LOCATION/${1}key.pem" - if [ -f "$KEY_INSTALL" ] && [ $FORCE -ne 1 ] + if [ -f "$KEY_INSTALL" ] && [ "$FORCE" -ne 1 ] then echo "$KEY_INSTALL exists already, not overwriting." echo "Use '-f' parameter to overwrite existing files." exit 1 else - cp "$GVM_KEY_FILENAME" "$KEY_INSTALL" - if [ $? -ne 0 ] + if ! cp "$GVM_KEY_FILENAME" "$KEY_INSTALL" then log_err "Failed to install $GVM_KEY_FILENAME to $KEY_INSTALL. Aborting." exit 1 
@@ -544,14 +529,13 @@ install_cert () fi CERT_INSTALL="$GVM_CERT_LOCATION/${1}cert.pem" - if [ -f "$CERT_INSTALL" ] && [ $FORCE -ne 1 ] + if [ -f "$CERT_INSTALL" ] && [ "$FORCE" -ne 1 ] then echo "$CERT_INSTALL exists already, not overwriting." echo "Use '-f' parameter to overwrite existing files." exit 1 else - cp "$GVM_CERT_FILENAME" "$CERT_INSTALL" - if [ $? -ne 0 ] + if ! cp "$GVM_CERT_FILENAME" "$CERT_INSTALL" then log_err "Failed to install $GVM_CERT_FILENAME to $CERT_INSTALL. Aborting." exit 1 @@ -596,12 +580,11 @@ verify () # TODO: Check file permissions - certtool \ + if certtool \ --verify \ - --load-ca-certificate $GVM_CERT_LOCATION/cacert.pem \ - --infile $GVM_CERT_LOCATION/cacert.pem \ + --load-ca-certificate "$GVM_CERT_LOCATION"/cacert.pem \ + --infile "$GVM_CERT_LOCATION"/cacert.pem \ >> "$CERTTOOL_LOGFILE" 2>&1 - if [ $? -eq 0 ] then echo "OK: CA certificate verified." else @@ -609,24 +592,25 @@ verify () ALL_OK=0 fi - for cert in $(find $GVM_CERT_LOCATION -name "*pem" ! -name cacert.pem) + find "$GVM_CERT_LOCATION" -name "*pem" ! -name cacert.pem > tmp + while IFS= read -r cert do - certtool \ + if certtool \ --verify \ - --load-ca-certificate $GVM_CERT_LOCATION/cacert.pem \ - --infile $cert \ + --load-ca-certificate "$GVM_CERT_LOCATION"/cacert.pem \ + --infile "$cert" \ >> "$CERTTOOL_LOGFILE" 2>&1 - if [ $? -eq 0 ] then echo "OK: Certificate $cert verified." else echo "ERROR: Certificate $cert failed verification, see $CERTTOOL_LOGFILE for details. Aborting." - ALL_OK=0 + ALL_OK=0 fi - done + done < tmp + rm tmp echo - if [ $ALL_OK -eq 1 ] + if [ "$ALL_OK" -eq 1 ] then echo "OK: Your GVM certificate infrastructure passed validation." else @@ -644,10 +628,10 @@ clean_up () { if [ $USE_TEMP_DIR -eq 1 ] then - if [ $DEBUG -ne 1 ] + if [ "$DEBUG" -ne 1 ] then log_write "Removing temporary directory $GVM_CERT_DIR." - rm -rf $GVM_CERT_DIR + rm -rf "$GVM_CERT_DIR" else echo "DEBUG: Not removing $GVM_CERT_DIR in debug mode." fi 
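Review bot: `find "$GVM_CERT_LOCATION" ... > tmp` in verify writes the certificate list to a fixed file named `tmp` in the current working directory, which overwrites any existing file of that name, fails when the directory is not writable, and is a predictable path when the script is run from a shared directory. The list file should come from `mktemp` and be read back and removed through that path. verify starts outside this hunk, and the certtool call inside the loop stays as it is.
```shell
  CERT_LIST=$(mktemp) || { echo "ERROR: mktemp failed." >&2; exit 1; }
  find "$GVM_CERT_LOCATION" -name "*pem" ! -name cacert.pem > "$CERT_LIST"
  while IFS= read -r cert
  do
    # … unchanged: certtool --verify on "$cert", OK/ERROR message, ALL_OK=0 …
  done < "$CERT_LIST"
  rm -f -- "$CERT_LIST"
```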
@@ -667,8 +651,8 @@ INSTALL_CA=0 CREATE_CERTIFICATE=0 CREATE_SELF_SIGNED=0 CERTIFICATE_TYPE=0 -CREATE_SERVER_CERTIFICATE=0 -CREATE_CLIENT_CERTIFICATE=0 +export CREATE_SERVER_CERTIFICATE=0 +export CREATE_CLIENT_CERTIFICATE=0 CREATE_CSR=0 CREATE_CA=0 SIGN_CERTIFICATE=0 @@ -752,6 +736,7 @@ then if [ -r "$CONFIGURATION_FILE" ] then log_verbose "Reading configuration from $CONFIGURATION_FILE." + # shellcheck source=/dev/null . "$CONFIGURATION_FILE" else log_err "Configuration file $CONFIGURATION_FILE could not be read. Aborting." From 16a9e9ad66cadabe531bef8f8dc95244585673fd Mon Sep 17 00:00:00 2001 From: "Carlos A. Parra F" Date: Mon, 29 Mar 2021 15:34:02 +0200 Subject: [PATCH 5/5] Added changelog entry. --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6d19d7c4c..99d7a3c90 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -213,6 +213,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Include unknown preferences when uploading or syncing configs [#1005](https://github.com/greenbone/gvmd/pull/1005) - Set the default OSPD unix socket path to /var/run/ospd/ospd.sock [#1238](https://github.com/greenbone/gvmd/pull/1238) - The default OSPD unix path is now configurable [#1244](https://github.com/greenbone/gvmd/pull/1244) +- Made all shellscripts POSIX compliant [#1471](https://github.com/greenbone/gvmd/pull/1471) ### Fixed - Add NULL check in nvts_feed_version_epoch [#768](https://github.com/greenbone/gvmd/pull/768)
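Review bot: `export CREATE_SERVER_CERTIFICATE=0` and `export CREATE_CLIENT_CERTIFICATE=0` silence the unused-variable warning by placing both variables in the environment of every child process, and the commit message itself only guesses that other scripts need them. If nothing reads them, drop the assignments; otherwise keep them unexported and annotate the lines with `# shellcheck disable=SC2034 # currently unused`. The hunk shows only the initialisation block, so usage elsewhere in tools/gvm-manage-certs.in should be checked first.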