meta-security : initial commit

Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
author: Andrei Dinu <andrei.adrianx.dinu@intel.com> 2013-06-17 17:24:38 +0300
committer: Andrei Dinu <andrei.adrianx.dinu@intel.com> 2013-06-17 17:24:38 +0300
commit: 60d90b25631471e8193b3069c6a520ccf7c82008 (patch)
tree: e413ea3904059ff52a4539aeff358518fa0ae327 /recipes-security/redhat-security/files/find-sh4errors.sh
download: meta-security-60d90b25631471e8193b3069c6a520ccf7c82008.tar.gz
1 files changed, 132 insertions, 0 deletions
diff --git a/recipes-security/redhat-security/files/find-sh4errors.sh b/recipes-security/redhat-security/files/find-sh4errors.sh
new file mode 100644
index 0000000..0054a6a
--- /dev/null
+++ b/recipes-security/redhat-security/files/find-sh4errors.sh
@@ -0,0 +1,132 @@
+#!/bin/sh
+# find_sh4errors utility
+# Copyright (c) 2004 Steve Grubb. ALL RIGHTS RESERVED.
+# sgrubb@redhat.com
+#
+# This software may be freely redistributed under the terms of the GNU
+# public license.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+# This script will search a directory and its subdirectories for every shell
+# script. It then runs sh -n to see if bash can determine if there are obvious
+# parsing errors. It does have a bug in that bash -n does not take into 
+# account someone may program an unconditional exit and then include man page
+# generation information. It also fails to notice the exec command. When you
+# run across files that do either of the above, add it to the KNOWN_BAD list.
+if [ $# -ge 2 ] ; then
+        echo "Usage: find_sh4errors [directory]" 1>&2
+        exit 1
+fi
+INTERPRETERS="wish wishx tclsh guile rep itkwish expect /etc/kde/kdm/Xsession /etc/X11/xdm/Xsession /usr/bin/festival perl hfssh"
+SKIP_DIRS="/opt /home /root"
+KNOWN_BAD="/usr/bin/kde-build /usr/bin/cvsversion samples/copifuncs/copi.sendifm1 bashdb bash_completion_test"
+DIR="/"
+if [ $# -eq 1 ] ; then
+        if [ -d "$1" ] ; then
+                DIR="$1"
+        else
+                echo "Option passed in was not a directory" 1>&2
+                exit 1
+        fi
+fi
+tempfile=`mktemp /tmp/sh4.XXXXXX`
+tempfile2=`mktemp /tmp/sh4.XXXXXX`
+if [ -z "$tempfile" -o -z "$tempfile2" ] ; then
+        echo ; echo "Unable to create tempfiles...aborting." 1>&2 ; echo
+        exit 1
+fi
+trap "rm -f $tempfile; rm -f $tempfile2; exit 2" 1 2 3 5 15
+# Get executable files
+#echo "Locating executables..."
+/usr/bin/find $DIR -type f -perm /0111 -print >> $tempfile 2>/dev/null
+FOUND=0
+#echo "Refining list to shell scripts..."
+while read f
+do
+        # Get just the shell scripts
+        testf=`echo $f | /usr/bin/file -n -f - | egrep 'ourne|POSIX shell'`
+        if [ x"$testf" != x ] ; then
+                echo $f >> $tempfile2
+                FOUND=1
+        fi
+done < $tempfile
+/bin/rm -f $tempfile
+if [ $FOUND -eq 0 ] ; then
+        # Nothing to report, just exit
+#       echo "Examining shell scripts in $DIR"
+#       echo "No problems found"
+        /bin/rm -f $tempfile2
+        exit 0
+fi
+#echo "Examining shell scripts in $DIR"
+FOUND=0
+while read i
+do
+        # First see if the script calls an interpreter
+        SKIP=0
+        for lang in $INTERPRETERS
+        do
+                if `/bin/cat "$i" 2>/dev/null | \
+                                grep "exec[ \t].*$lang" >/dev/null` ; then
+                        SKIP=1
+                        break
+                fi
+        done
+        if [ $SKIP -eq 1 ] ; then
+                continue
+        fi
+        # See if this is in a dir we want to ignore
+        for d in $SKIP_DIRS
+        do
+                if `echo "$i" | /bin/grep "^\$d" >/dev/null`; then
+                        SKIP=1
+                        break
+                fi
+        done
+        if [ $SKIP -eq 1 ] ; then
+                continue
+        fi
+        # Don't do the known naughty files
+        for bad in $KNOWN_BAD
+        do
+                if `echo "$i" | /bin/grep "$bad" >/dev/null`; then
+                        SKIP=1
+                        break
+                fi
+        done
+        if [ $SKIP -eq 1 ] ; then
+                continue
+        fi
+        # Now examine them for correctness
+        interp=`/usr/bin/head -n 1 "$i" | /bin/awk '{ print $1 }' | \
+                                                        /usr/bin/tr -d '#!'`
+        if [ x"$interp" = "x" -o ! -x "$interp" ] ; then
+                interp="/bin/sh"
+        fi
+        $interp -n "$i" 2>/dev/null
+        if [ $? -ne 0 ] ; then
+                printf "%-44s" "$i"
+                rpm -qf --queryformat "%{NAME}-%{VERSION}" $i
+                echo
+                FOUND=1
+        fi
+done < $tempfile2
+/bin/rm -f $tempfile2
+if [ $FOUND -eq 0 ] ; then
+        # Nothing to report, just exit
+#        echo "No problems found"
+        exit 0
+fi
+exit 1
author	Andrei Dinu <andrei.adrianx.dinu@intel.com>	2013-06-17 17:24:38 +0300
committer	Andrei Dinu <andrei.adrianx.dinu@intel.com>	2013-06-17 17:24:38 +0300
commit	60d90b25631471e8193b3069c6a520ccf7c82008 (patch)
tree	e413ea3904059ff52a4539aeff358518fa0ae327 /recipes-security/redhat-security/files/find-sh4errors.sh
download	meta-security-60d90b25631471e8193b3069c6a520ccf7c82008.tar.gz

diff --git a/recipes-security/redhat-security/files/find-sh4errors.sh b/recipes-security/redhat-security/files/find-sh4errors.sh new file mode 100644 index 0000000..0054a6a --- /dev/null +++ b/recipes-security/redhat-security/files/find-sh4errors.sh
@@ -0,0 +1,132 @@
	1	#!/bin/sh
	2	# find_sh4errors utility
	3	# Copyright (c) 2004 Steve Grubb. ALL RIGHTS RESERVED.
	4	# sgrubb@redhat.com
	5	#
	6	# This software may be freely redistributed under the terms of the GNU
	7	# public license.
	8	#
	9	# You should have received a copy of the GNU General Public License
	10	# along with this program; if not, write to the Free Software
	11	# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
	12
	13	# This script will search a directory and its subdirectories for every shell
	14	# script. It then runs sh -n to see if bash can determine if there are obvious
	15	# parsing errors. It does have a bug in that bash -n does not take into
	16	# account someone may program an unconditional exit and then include man page
	17	# generation information. It also fails to notice the exec command. When you
	18	# run across files that do either of the above, add it to the KNOWN_BAD list.
	19
	20	if [ $# -ge 2 ] ; then
	21	echo "Usage: find_sh4errors [directory]" 1>&2
	22	exit 1
	23	fi
	24	INTERPRETERS="wish wishx tclsh guile rep itkwish expect /etc/kde/kdm/Xsession /etc/X11/xdm/Xsession /usr/bin/festival perl hfssh"
	25	SKIP_DIRS="/opt /home /root"
	26	KNOWN_BAD="/usr/bin/kde-build /usr/bin/cvsversion samples/copifuncs/copi.sendifm1 bashdb bash_completion_test"
	27	DIR="/"
	28	if [ $# -eq 1 ] ; then
	29	if [ -d "$1" ] ; then
	30	DIR="$1"
	31	else
	32	echo "Option passed in was not a directory" 1>&2
	33	exit 1
	34	fi
	35	fi
	36	tempfile=`mktemp /tmp/sh4.XXXXXX`
	37	tempfile2=`mktemp /tmp/sh4.XXXXXX`
	38	if [ -z "$tempfile" -o -z "$tempfile2" ] ; then
	39	echo ; echo "Unable to create tempfiles...aborting." 1>&2 ; echo
	40	exit 1
	41	fi
	42	trap "rm -f $tempfile; rm -f $tempfile2; exit 2" 1 2 3 5 15
	43
	44	# Get executable files
	45	#echo "Locating executables..."
	46	/usr/bin/find $DIR -type f -perm /0111 -print >> $tempfile 2>/dev/null
	47	FOUND=0
	48	#echo "Refining list to shell scripts..."
	49	while read f
	50	do
	51	# Get just the shell scripts
	52	testf=`echo $f \| /usr/bin/file -n -f - \| egrep 'ourne\|POSIX shell'`
	53	if [ x"$testf" != x ] ; then
	54	echo $f >> $tempfile2
	55	FOUND=1
	56	fi
	57	done < $tempfile
	58	/bin/rm -f $tempfile
	59	if [ $FOUND -eq 0 ] ; then
	60	# Nothing to report, just exit
	61	# echo "Examining shell scripts in $DIR"
	62	# echo "No problems found"
	63	/bin/rm -f $tempfile2
	64	exit 0
	65	fi
	66	#echo "Examining shell scripts in $DIR"
	67	FOUND=0
	68	while read i
	69	do
	70	# First see if the script calls an interpreter
	71	SKIP=0
	72	for lang in $INTERPRETERS
	73	do
	74	if `/bin/cat "$i" 2>/dev/null \| \
	75	grep "exec[ \t].*$lang" >/dev/null` ; then
	76	SKIP=1
	77	break
	78	fi
	79	done
	80
	81	if [ $SKIP -eq 1 ] ; then
	82	continue
	83	fi
	84
	85	# See if this is in a dir we want to ignore
	86	for d in $SKIP_DIRS
	87	do
	88	if `echo "$i" \| /bin/grep "^\$d" >/dev/null`; then
	89	SKIP=1
	90	break
	91	fi
	92	done
	93
	94	if [ $SKIP -eq 1 ] ; then
	95	continue
	96	fi
	97
	98	# Don't do the known naughty files
	99	for bad in $KNOWN_BAD
	100	do
	101	if `echo "$i" \| /bin/grep "$bad" >/dev/null`; then
	102	SKIP=1
	103	break
	104	fi
	105	done
	106
	107	if [ $SKIP -eq 1 ] ; then
	108	continue
	109	fi
	110
	111	# Now examine them for correctness
	112	interp=`/usr/bin/head -n 1 "$i" \| /bin/awk '{ print $1 }' \| \
	113	/usr/bin/tr -d '#!'`
	114	if [ x"$interp" = "x" -o ! -x "$interp" ] ; then
	115	interp="/bin/sh"
	116	fi
	117	$interp -n "$i" 2>/dev/null
	118	if [ $? -ne 0 ] ; then
	119	printf "%-44s" "$i"
	120	rpm -qf --queryformat "%{NAME}-%{VERSION}" $i
	121	echo
	122	FOUND=1
	123	fi
	124	done < $tempfile2
	125	/bin/rm -f $tempfile2
	126	if [ $FOUND -eq 0 ] ; then
	127	# Nothing to report, just exit
	128	# echo "No problems found"
	129	exit 0
	130	fi
	131	exit 1
	132