Malware scanner: Fix input validation bugs (CRITICAL)

Fixed critical bugs where non-numeric user input could cause bash errors
when used in integer comparisons.

**Bug: Unvalidated numeric input in 3 locations**

Problem: User input used directly in integer comparisons without validation
Impact: Bash error "integer expression expected" if user enters text
Locations:
- Line 1647: delete_standalone_sessions() - delete choice
- Line 1776: view_scan_results() - scanner choice
- Line 1848: view_scan_results() - session choice

Example failure:
  User enters: "abc"
  Code: if [ "$choice" -lt 1 ]
  Error: "bash: [: abc: integer expression expected"

**Fix: Add regex validation before integer comparisons**

Added numeric validation using regex before all integer comparisons:
  if ! [[ "$input" =~ ^[0-9]+$ ]]; then
      echo "Invalid choice (must be a number)"
      return 1
  fi

Changes to delete_standalone_sessions():
- Added numeric check at line 1648 before integer comparison
- Improved error message: "must be a number" vs "out of range"

Changes to view_scan_results() (2 locations):
- Added numeric check at line 1777 (scanner choice)
- Added numeric check at line 1845 (session choice)
- Both get validation before integer comparisons

Why this is critical:
- Prevents bash errors from crashing the script
- Provides clear error messages to users
- Handles edge case of accidental text input
- Common user error (typing letters instead of numbers)

Testing: Syntax validated, input validation working
cschantz
2025-12-22 18:18:53 -05:00
parent c0dc917a84
commit ade33f0257
+24 -3
@@ -1644,8 +1644,15 @@ delete_standalone_sessions() {
;;
*)
# Delete specific session
# Validate numeric input
if ! [[ "$delete_choice" =~ ^[0-9]+$ ]]; then
echo -e "${RED}Invalid choice (must be a number)${NC}"
read -p "Press Enter to continue..."
return 1
fi
if [ "$delete_choice" -lt 1 ] || [ "$delete_choice" -gt ${#standalone_dirs[@]} ]; then
echo -e "${RED}Invalid choice${NC}"
echo -e "${RED}Invalid choice (out of range)${NC}"
read -p "Press Enter to continue..."
return 1
fi
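Review bot: The `^[0-9]+$` check on `delete_choice` puts no limit on the number of digits, so a digit string too large for bash's integer type passes the regex and still makes `[ "$delete_choice" -lt 1 ]` fail with "integer expression expected". In that case both `[` tests return an error status, the `||` condition is false, and execution continues past the range check with the value unvalidated. Bounding the length in the pattern, for example `^[0-9]{1,9}$`, closes this and is more than enough for an index into `standalone_dirs`.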
@@ -1766,8 +1773,15 @@ view_scan_results() {
read -p "Scanner: " scanner_choice
# Validate numeric input
if ! [[ "$scanner_choice" =~ ^[0-9]+$ ]]; then
echo -e "${RED}Invalid choice (must be a number)${NC}"
read -p "Press Enter to continue..."
return 1
fi
if [ "$scanner_choice" -lt 1 ] || [ "$scanner_choice" -gt ${#available_scanners[@]} ]; then
echo -e "${RED}Invalid choice${NC}"
echo -e "${RED}Invalid choice (out of range)${NC}"
read -p "Press Enter to continue..."
return 1
fi
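Review bot: The numeric check added before the `scanner_choice` range test is the same block that this commit adds for `delete_choice` and `session_choice`, differing only in the variable name. Three hand-copied validators tend to drift apart, so consider one small helper that takes the value and the upper bound (here `${#available_scanners[@]}`), prints the "must be a number" or "out of range" message, and returns non-zero, then call it at all three prompts.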
@@ -1827,12 +1841,19 @@ view_scan_results() {
read -p "Select session (or 0 to cancel): " session_choice
# Validate numeric input
if ! [[ "$session_choice" =~ ^[0-9]+$ ]]; then
echo -e "${RED}Invalid choice (must be a number)${NC}"
read -p "Press Enter to continue..."
return 1
fi
if [ "$session_choice" = "0" ]; then
return 0
fi
if [ "$session_choice" -lt 1 ] || [ "$session_choice" -gt ${#standalone_dirs[@]} ]; then
echo -e "${RED}Invalid choice${NC}"
echo -e "${RED}Invalid choice (out of range)${NC}"
read -p "Press Enter to continue..."
return 1
fi
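Review bot: The cancel test `[ "$session_choice" = "0" ]` is a string comparison, but the regex above it accepts any run of digits, so inputs such as `00` pass validation, miss the cancel branch, and are then reported as "Invalid choice (out of range)" by the `-lt 1` test. Since the value is already known to be numeric at this point, `[ "$session_choice" -eq 0 ]` would treat every spelling of zero as cancel and keep the prompt text "or 0 to cancel" accurate.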