diff --git a/check_project.sh b/check_project.sh index c0f001896..690d9410f 100755 --- a/check_project.sh +++ b/check_project.sh @@ -23,14 +23,14 @@ MOD_DIR="./modules" MOD_DIR_LOCAL="./modules_local" CONF_DIR="./config" EXT_DIR="./external" -REP_DIR="$CONF_DIR/report_templates" +REP_DIR="${CONF_DIR}/report_templates" -if [[ "$STRICT_MODE" -eq 1 ]]; then +if [[ "${STRICT_MODE}" -eq 1 ]]; then # shellcheck source=./installer/wickStrictModeFail.sh - source "$INSTALLER_DIR"/wickStrictModeFail.sh + source "${INSTALLER_DIR}"/wickStrictModeFail.sh export DEBUG_SCRIPT=0 # shellcheck source=./helpers/helpers_emba_load_strict_settings.sh - source "$HELP_DIR"/helpers_emba_load_strict_settings.sh + source "${HELP_DIR}"/helpers_emba_load_strict_settings.sh load_strict_mode_settings trap 'wickStrictModeFail $?' ERR # The ERR trap is triggered when a script catches an error fi 
@@ -51,57 +51,57 @@ MODULES_TO_CHECK_ARR_PERM=() MODULES_TO_CHECK_ARR_COMMENT=() import_config_scripts() { - mapfile -t HELPERS < <(find "$CONF_DIR" -iname "*.sh" 2>/dev/null) + mapfile -t HELPERS < <(find "${CONF_DIR}" -iname "*.sh" 2>/dev/null) for LINE in "${HELPERS[@]}"; do - if (file "$LINE" | grep -q "shell script"); then - echo "$LINE" - SOURCES+=("$LINE") + if (file "${LINE}" | grep -q "shell script"); then + echo "${LINE}" + SOURCES+=("${LINE}") fi done } import_helper() { - mapfile -t HELPERS < <(find "$HELP_DIR" -iname "*.sh" 2>/dev/null) + mapfile -t HELPERS < <(find "${HELP_DIR}" -iname "*.sh" 2>/dev/null) for LINE in "${HELPERS[@]}"; do - if (file "$LINE" | grep -q "shell script"); then - echo "$LINE" - SOURCES+=("$LINE") + if (file "${LINE}" | grep -q "shell script"); then + echo "${LINE}" + SOURCES+=("${LINE}") fi done } import_reporting_templates() { - mapfile -t REP_TEMP < <(find "$REP_DIR" -iname "*.sh" 2>/dev/null) + mapfile -t REP_TEMP < <(find "${REP_DIR}" -iname "*.sh" 2>/dev/null) for LINE in "${REP_TEMP[@]}"; do - if (file "$LINE" | grep -q "shell script"); then - echo "$LINE" - SOURCES+=("$LINE") + if (file "${LINE}" | grep -q "shell script"); then + echo "${LINE}" + SOURCES+=("${LINE}") fi done } import_module() { MODULES=() - mapfile -t MODULES < <(find "$MOD_DIR" -iname "*.sh" 2>/dev/null) - if [[ -d "$MOD_DIR_LOCAL" ]]; then - mapfile -t MODULES_LOCAL < <(find "$MOD_DIR_LOCAL" -iname "*.sh" 2>/dev/null) + mapfile -t MODULES < <(find "${MOD_DIR}" -iname "*.sh" 2>/dev/null) + if [[ -d "${MOD_DIR_LOCAL}" ]]; then + mapfile -t MODULES_LOCAL < <(find "${MOD_DIR_LOCAL}" -iname "*.sh" 2>/dev/null) MODULES=( "${MODULES_[@]}" "${MODULES_LOCAL[@]}") fi for LINE in "${MODULES[@]}"; do - if (file "$LINE" | grep -q "shell script"); then - echo "$LINE" - SOURCES+=("$LINE") + if (file "${LINE}" | grep -q "shell script"); then + echo "${LINE}" + SOURCES+=("${LINE}") fi done } import_installer() { MODULES=() - mapfile -t MODULES < <(find 
"$INSTALLER_DIR" -iname "*.sh" 2>/dev/null) + mapfile -t MODULES < <(find "${INSTALLER_DIR}" -iname "*.sh" 2>/dev/null) for LINE in "${MODULES[@]}"; do - if (file "$LINE" | grep -q "shell script"); then - echo "$LINE" - SOURCES+=("$LINE") + if (file "${LINE}" | grep -q "shell script"); then + echo "${LINE}" + SOURCES+=("${LINE}") fi done } 
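Review bot: In import_module of check_project.sh the merge line `MODULES=( "${MODULES_[@]}" "${MODULES_LOCAL[@]}")` reads `MODULES_`, which is not assigned anywhere in the visible hunks. Whenever ./modules_local exists, the files just found under ./modules are therefore dropped and never reach SOURCES, so they skip the tab, comment, shellcheck, semgrep and permission checks. It should read `MODULES=( "${MODULES[@]}" "${MODULES_LOCAL[@]}" )`. The line is unchanged context in this commit, but it sits in the middle of the lines being normalised and is worth fixing in the same pass.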
@@ -110,35 +110,35 @@ import_emba_main() { MODULES=() mapfile -t MODULES < <(find ./ -iname "emba" -o -iname "installer.sh" -o -iname "check_project.sh" 2>/dev/null) for LINE in "${MODULES[@]}"; do - if (file "$LINE" | grep -q "shell script"); then - echo "$LINE" - SOURCES+=("$LINE") + if (file "${LINE}" | grep -q "shell script"); then + echo "${LINE}" + SOURCES+=("${LINE}") fi done } dockerchecker() { - echo -e "\\n""$ORANGE""$BOLD""EMBA docker-files check""$NC" - echo -e "$BOLD""=================================================================""$NC" + echo -e "\\n""${ORANGE}""${BOLD}""EMBA docker-files check""${NC}" + echo -e "${BOLD}""=================================================================""${NC}" mapfile -t DOCKER_COMPS < <(find . -maxdepth 1 -iname "docker-compose*.yml") for DOCKER_COMP in "${DOCKER_COMPS[@]}"; do - echo -e "\\n""$GREEN""Run docker check on $DOCKER_COMP:""$NC""\\n" - if docker-compose -f "$DOCKER_COMP" config 1>/dev/null || [[ $? -ne 1 ]]; then - echo -e "$GREEN""$BOLD""==> SUCCESS""$NC""\\n" + echo -e "\\n""${GREEN}""Run docker check on ${DOCKER_COMP}:""${NC}""\\n" + if docker-compose -f "${DOCKER_COMP}" config 1>/dev/null || [[ $? 
-ne 1 ]]; then + echo -e "${GREEN}""${BOLD}""==> SUCCESS""${NC}""\\n" else - echo -e "\\n""$ORANGE$BOLD==> FIX ERRORS""$NC""\\n" + echo -e "\\n""${ORANGE}${BOLD}==> FIX ERRORS""${NC}""\\n" ((MODULES_TO_CHECK=MODULES_TO_CHECK+1)) - MODULES_TO_CHECK_ARR_DOCKER+=( "$DOCKER_COMP" ) + MODULES_TO_CHECK_ARR_DOCKER+=( "${DOCKER_COMP}" ) fi done } check() { - echo -e "\\n""$ORANGE""$BOLD""Embedded Linux Analyzer Shellcheck""$NC" - echo -e "$BOLD""=================================================================""$NC" + echo -e "\\n""${ORANGE}""${BOLD}""Embedded Linux Analyzer Shellcheck""${NC}" + echo -e "${BOLD}""=================================================================""${NC}" - echo -e "\\n""$GREEN""Load all files for check:""$NC""\\n" + echo -e "\\n""${GREEN}""Load all files for check:""${NC}""\\n" import_emba_main import_installer 
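Review bot: The condition in dockerchecker, `docker-compose -f "${DOCKER_COMP}" config 1>/dev/null || [[ $? -ne 1 ]]`, treats every non-zero status other than 1 as success. A missing docker-compose binary (status 127) or a killed process therefore prints SUCCESS for a compose file that was never validated, and check_tools only verifies semgrep and shellcheck. Suggest `if docker-compose -f "${DOCKER_COMP}" config 1>/dev/null; then`. If the tolerance for other statuses is deliberate (it may be there for the strict-mode ERR trap), add `"docker-compose"` to the TOOLS list and a comment saying which statuses are expected.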
@@ -147,58 +147,58 @@ check() { import_reporting_templates import_module - echo -e "\\n""$GREEN""Check all source for correct tab usage:""$NC""\\n" + echo -e "\\n""${GREEN}""Check all source for correct tab usage:""${NC}""\\n" for SOURCE in "${SOURCES[@]}"; do - echo -e "\\n""$GREEN""Run ${ORANGE}tab check$GREEN on $ORANGE$SOURCE""$NC""\\n" - if [[ $(grep -cP '\t' "$SOURCE") -eq 0 ]]; then - echo -e "$GREEN""$BOLD""==> SUCCESS""$NC""\\n" + echo -e "\\n""${GREEN}""Run ${ORANGE}tab check${GREEN} on ${ORANGE}${SOURCE}""${NC}""\\n" + if [[ $(grep -cP '\t' "${SOURCE}") -eq 0 ]]; then + echo -e "${GREEN}""${BOLD}""==> SUCCESS""${NC}""\\n" else - echo -e "\\n""$ORANGE""$BOLD""==> FIX ERRORS""$NC""\\n" - MODULES_TO_CHECK_ARR_TAB+=("$SOURCE") + echo -e "\\n""${ORANGE}""${BOLD}""==> FIX ERRORS""${NC}""\\n" + MODULES_TO_CHECK_ARR_TAB+=("${SOURCE}") fi done - echo -e "\\n""$GREEN""Check all source for correct comment usage:""$NC""\\n" + echo -e "\\n""${GREEN}""Check all source for correct comment usage:""${NC}""\\n" for SOURCE in "${SOURCES[@]}"; do - echo -e "\\n""$GREEN""Run ${ORANGE}comment check$GREEN on $ORANGE$SOURCE""$NC""\\n" - if [[ $(grep -E -R "^( )+?#" "$SOURCE" | grep -v "#\ \|bash\|/bin/sh\|shellcheck" | grep -v -E -c "#$") -eq 0 ]]; then - echo -e "$GREEN""$BOLD""==> SUCCESS""$NC""\\n" + echo -e "\\n""${GREEN}""Run ${ORANGE}comment check${GREEN} on ${ORANGE}${SOURCE}""${NC}""\\n" + if [[ $(grep -E -R "^( )+?#" "${SOURCE}" | grep -v "#\ \|bash\|/bin/sh\|shellcheck" | grep -v -E -c "#$") -eq 0 ]]; then + echo -e "${GREEN}""${BOLD}""==> SUCCESS""${NC}""\\n" else - grep -E -R -n "^( )+?#" "$SOURCE" | grep -v "#\ \|bash\|shellcheck" | grep -v -E "#$" - echo -e "\\n""$ORANGE""$BOLD""==> FIX ERRORS""$NC""\\n" - MODULES_TO_CHECK_ARR_COMMENT+=("$SOURCE") + grep -E -R -n "^( )+?#" "${SOURCE}" | grep -v "#\ \|bash\|shellcheck" | grep -v -E "#$" + echo -e "\\n""${ORANGE}""${BOLD}""==> FIX ERRORS""${NC}""\\n" + MODULES_TO_CHECK_ARR_COMMENT+=("${SOURCE}") fi done - echo -e 
"\\n""$GREEN""Run shellcheck and semgrep:""$NC""\\n" + echo -e "\\n""${GREEN}""Run shellcheck and semgrep:""${NC}""\\n" for SOURCE in "${SOURCES[@]}"; do - echo -e "\\n""$GREEN""Run ${ORANGE}shellcheck$GREEN on $ORANGE$SOURCE""$NC""\\n" - if shellcheck -x -P "$INSTALLER_DIR":"$HELP_DIR":"$MOD_DIR":"$MOD_DIR_LOCAL" "$SOURCE" || [[ $? -ne 1 && $? -ne 2 ]]; then - echo -e "$GREEN""$BOLD""==> SUCCESS""$NC""\\n" + echo -e "\\n""${GREEN}""Run ${ORANGE}shellcheck${GREEN} on ${ORANGE}${SOURCE}""${NC}""\\n" + if shellcheck -x -P "${INSTALLER_DIR}":"${HELP_DIR}":"${MOD_DIR}":"${MOD_DIR_LOCAL}" "${SOURCE}" || [[ $? -ne 1 && $? -ne 2 ]]; then + echo -e "${GREEN}""${BOLD}""==> SUCCESS""${NC}""\\n" else - echo -e "\\n""$ORANGE""$BOLD""==> FIX ERRORS""$NC""\\n" - MODULES_TO_CHECK_ARR+=("$SOURCE") + echo -e "\\n""${ORANGE}""${BOLD}""==> FIX ERRORS""${NC}""\\n" + MODULES_TO_CHECK_ARR+=("${SOURCE}") fi - echo -e "\\n""$GREEN""Run ${ORANGE}semgrep$GREEN on $ORANGE$SOURCE""$NC""\\n" - semgrep --disable-version-check --metrics=off --config "$EXT_DIR"/semgrep-rules/bash "$SOURCE" | tee /tmp/emba_semgrep.log + echo -e "\\n""${GREEN}""Run ${ORANGE}semgrep${GREEN} on ${ORANGE}${SOURCE}""${NC}""\\n" + semgrep --disable-version-check --metrics=off --config "${EXT_DIR}"/semgrep-rules/bash "${SOURCE}" | tee /tmp/emba_semgrep.log if grep -q "Findings:" /tmp/emba_semgrep.log; then - echo -e "\\n""$ORANGE""$BOLD""==> FIX ERRORS""$NC""\\n" - MODULES_TO_CHECK_ARR_SEMGREP+=("$SOURCE") + echo -e "\\n""${ORANGE}""${BOLD}""==> FIX ERRORS""${NC}""\\n" + MODULES_TO_CHECK_ARR_SEMGREP+=("${SOURCE}") else - echo -e "$GREEN""$BOLD""==> SUCCESS""$NC""\\n" + echo -e "${GREEN}""${BOLD}""==> SUCCESS""${NC}""\\n" fi done - echo -e "\\n""$GREEN""Check all scripts for correct permissions:""$NC""\\n" + echo -e "\\n""${GREEN}""Check all scripts for correct permissions:""${NC}""\\n" for SOURCE in "${SOURCES[@]}"; do - echo -e "\\n""$GREEN""Check ${ORANGE}permission$GREEN on $ORANGE$SOURCE""$NC""\\n" - if stat -L -c 
"%a" "$SOURCE" | grep -q "755"; then - echo -e "$GREEN""$BOLD""==> SUCCESS""$NC""\\n" + echo -e "\\n""${GREEN}""Check ${ORANGE}permission${GREEN} on ${ORANGE}${SOURCE}""${NC}""\\n" + if stat -L -c "%a" "${SOURCE}" | grep -q "755"; then + echo -e "${GREEN}""${BOLD}""==> SUCCESS""${NC}""\\n" else - echo -e "\\n""$ORANGE""$BOLD""==> FIX ERRORS""$NC""\\n" - MODULES_TO_CHECK_ARR_PERM+=("$SOURCE") + echo -e "\\n""${ORANGE}""${BOLD}""==> FIX ERRORS""${NC}""\\n" + MODULES_TO_CHECK_ARR_PERM+=("${SOURCE}") fi done } 
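Review bot: The semgrep step in check() pipes into `tee /tmp/emba_semgrep.log`, a fixed path in a world-writable directory, and then decides pass or fail by grepping that file for "Findings:". On a shared host another user can pre-create the path as a file or symlink, and a semgrep run that fails without that text is reported as SUCCESS. Create the log with `SEMGREP_LOG="$(mktemp)"`, remove it in a trap, and check semgrep's own status via `PIPESTATUS` as well as the text. Separately, the permission test `stat -L -c "%a" "${SOURCE}" | grep -q "755"` also matches 4755 and 2755, so a setuid or setgid script passes; `grep -qx "755"` matches the mode exactly.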
@@ -209,55 +209,55 @@ summary() { fi if [[ "${#MODULES_TO_CHECK_ARR_TAB[@]}" -gt 0 ]]; then - echo -e "\\n\\n""$GREEN$BOLD""SUMMARY:$NC\\n" + echo -e "\\n\\n""${GREEN}${BOLD}""SUMMARY:${NC}\\n" echo -e "Modules to check (tab vs spaces): ${#MODULES_TO_CHECK_ARR_TAB[@]}\\n" for MODULE in "${MODULES_TO_CHECK_ARR_TAB[@]}"; do - echo -e "$ORANGE$BOLD==> FIX MODULE: ""$MODULE""$NC" + echo -e "${ORANGE}${BOLD}==> FIX MODULE: ""${MODULE}""${NC}" done - echo -e "$ORANGE""WARNING: Fix the errors before pushing to the EMBA repository!" + echo -e "${ORANGE}""WARNING: Fix the errors before pushing to the EMBA repository!" fi if [[ "${#MODULES_TO_CHECK_ARR_COMMENT[@]}" -gt 0 ]]; then - echo -e "\\n\\n""$GREEN$BOLD""SUMMARY:$NC\\n" + echo -e "\\n\\n""${GREEN}${BOLD}""SUMMARY:${NC}\\n" echo -e "Modules to check (space after # sign): ${#MODULES_TO_CHECK_ARR_COMMENT[@]}\\n" for MODULE in "${MODULES_TO_CHECK_ARR_COMMENT[@]}"; do - echo -e "$ORANGE$BOLD==> FIX MODULE: ""$MODULE""$NC" + echo -e "${ORANGE}${BOLD}==> FIX MODULE: ""${MODULE}""${NC}" done - echo -e "$ORANGE""WARNING: Fix the errors before pushing to the EMBA repository!" + echo -e "${ORANGE}""WARNING: Fix the errors before pushing to the EMBA repository!" fi if [[ "${#MODULES_TO_CHECK_ARR[@]}" -gt 0 ]]; then - echo -e "\\n\\n""$GREEN$BOLD""SUMMARY:$NC\\n" + echo -e "\\n\\n""${GREEN}${BOLD}""SUMMARY:${NC}\\n" echo -e "Modules to check (shellcheck): ${#MODULES_TO_CHECK_ARR[@]}\\n" for MODULE in "${MODULES_TO_CHECK_ARR[@]}"; do - echo -e "$ORANGE$BOLD==> FIX MODULE: ""$MODULE""$NC" + echo -e "${ORANGE}${BOLD}==> FIX MODULE: ""${MODULE}""${NC}" done - echo -e "$ORANGE""WARNING: Fix the errors before pushing to the EMBA repository!" + echo -e "${ORANGE}""WARNING: Fix the errors before pushing to the EMBA repository!" 
fi if [[ "${#MODULES_TO_CHECK_ARR_SEMGREP[@]}" -gt 0 ]]; then - echo -e "\\n\\n""$GREEN$BOLD""SUMMARY:$NC\\n" + echo -e "\\n\\n""${GREEN}${BOLD}""SUMMARY:${NC}\\n" echo -e "Modules to check (semgrep): ${#MODULES_TO_CHECK_ARR_SEMGREP[@]}\\n" for MODULE in "${MODULES_TO_CHECK_ARR_SEMGREP[@]}"; do - echo -e "$ORANGE$BOLD==> FIX MODULE: ""$MODULE""$NC" + echo -e "${ORANGE}${BOLD}==> FIX MODULE: ""${MODULE}""${NC}" done - echo -e "$ORANGE""WARNING: Fix the errors before pushing to the EMBA repository!" + echo -e "${ORANGE}""WARNING: Fix the errors before pushing to the EMBA repository!" fi if [[ "${#MODULES_TO_CHECK_ARR_DOCKER[@]}" -gt 0 ]]; then - echo -e "\\n\\n""$GREEN$BOLD""SUMMARY:$NC\\n" + echo -e "\\n\\n""${GREEN}${BOLD}""SUMMARY:${NC}\\n" echo -e "Modules to check (docker-compose): ${#MODULES_TO_CHECK_ARR_DOCKER[@]}\\n" for MODULE in "${MODULES_TO_CHECK_ARR_DOCKER[@]}"; do - echo -e "$ORANGE$BOLD==> FIX MODULE: ""$MODULE""$NC" + echo -e "${ORANGE}${BOLD}==> FIX MODULE: ""${MODULE}""${NC}" done - echo -e "$ORANGE""WARNING: Fix the errors before pushing to the EMBA repository!" + echo -e "${ORANGE}""WARNING: Fix the errors before pushing to the EMBA repository!" fi if [[ "${#MODULES_TO_CHECK_ARR_PERM[@]}" -gt 0 ]]; then - echo -e "\\n\\n""$GREEN$BOLD""SUMMARY:$NC\\n" + echo -e "\\n\\n""${GREEN}${BOLD}""SUMMARY:${NC}\\n" echo -e "Modules to check (permissions): ${#MODULES_TO_CHECK_ARR_PERM[@]}\\n" for MODULE in "${MODULES_TO_CHECK_ARR_PERM[@]}"; do - echo -e "$ORANGE$BOLD==> FIX MODULE: ""$MODULE""$NC" + echo -e "${ORANGE}${BOLD}==> FIX MODULE: ""${MODULE}""${NC}" done - echo -e "$ORANGE""WARNING: Fix the errors before pushing to the EMBA repository!" + echo -e "${ORANGE}""WARNING: Fix the errors before pushing to the EMBA repository!" fi } 
@@ -265,13 +265,13 @@ summary() { check_tools() { TOOLS=("semgrep" "shellcheck") for TOOL in "${TOOLS[@]}";do - if ! command -v "$TOOL" > /dev/null ; then - echo -e "\\n""$RED""$TOOL is not installed correctly""$NC""\\n" + if ! command -v "${TOOL}" > /dev/null ; then + echo -e "\\n""${RED}""${TOOL} is not installed correctly""${NC}""\\n" exit 1 fi done if ! [[ -d ./external/semgrep-rules/bash ]]; then - echo -e "\\n""$RED""$BOLD""Please install semgrep-rules to directory ./external to perform all checks""$NC""\\n" + echo -e "\\n""${RED}""${BOLD}""Please install semgrep-rules to directory ./external to perform all checks""${NC}""\\n" echo -e "${ORANGE}git clone https://github.com/returntocorp/semgrep-rules.git external/semgrep-rule${NC}" exit 1 fi diff --git a/emba b/emba index 083474d23..3a2b1b902 100755 --- a/emba +++ b/emba @@ -25,16 +25,16 @@ import_helper() local HELPERS=() local HELPER_COUNT=0 local HELPER_FILE="" - mapfile -d '' HELPERS < <(find "$HELP_DIR" -iname "helpers_emba_*.sh" -print0 2> /dev/null) + mapfile -d '' HELPERS < <(find "${HELP_DIR}" -iname "helpers_emba_*.sh" -print0 2> /dev/null) for HELPER_FILE in "${HELPERS[@]}" ; do - if ( file "$HELPER_FILE" | grep -q "shell script" ) && ! [[ "$HELPER_FILE" =~ \ |\' ]] ; then + if ( file "${HELPER_FILE}" | grep -q "shell script" ) && ! [[ "${HELPER_FILE}" =~ \ |\' ]] ; then # https://github.com/koalaman/shellcheck/wiki/SC1090 # shellcheck source=/dev/null - source "$HELPER_FILE" + source "${HELPER_FILE}" (( HELPER_COUNT+=1 )) fi done - print_output "==> ""$GREEN""Imported ""$HELPER_COUNT"" helper files""$NC" "no_log" + print_output "==> ""${GREEN}""Imported ""${HELPER_COUNT}"" helper files""${NC}" "no_log" } import_module() 
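Review bot: In check_tools the directory test requires `./external/semgrep-rules/bash`, but the hint printed on failure clones into `external/semgrep-rule` (missing the final "s"), so following the hint leaves the check failing. Change the hint to `git clone https://github.com/returntocorp/semgrep-rules.git external/semgrep-rules`. The hint line is unchanged context in this hunk.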
@@ -47,20 +47,20 @@ import_module() # to ensure we are only auto load modules from the modules main directory we set maxdepth # with this in place we can create sub directories per module. For using/loading stuff from # these sub directories the modules are responsible! - mapfile -t MODULES_EMBA < <(find "$MOD_DIR" -maxdepth 1 -name "*.sh" | sort -V 2> /dev/null) + mapfile -t MODULES_EMBA < <(find "${MOD_DIR}" -maxdepth 1 -name "*.sh" | sort -V 2> /dev/null) if [[ -d "${MOD_DIR_LOCAL}" ]]; then mapfile -t MODULES_LOCAL < <(find "${MOD_DIR_LOCAL}" -maxdepth 1 -name "*.sh" 2>/dev/null | sort -V 2> /dev/null) fi MODULES=( "${MODULES_EMBA[@]}" "${MODULES_LOCAL[@]}" ) for MODULE_FILE in "${MODULES[@]}" ; do - if ( file "$MODULE_FILE" | grep -q "shell script" ) && ! [[ "$MODULE_FILE" =~ \ |\' ]] ; then + if ( file "${MODULE_FILE}" | grep -q "shell script" ) && ! [[ "${MODULE_FILE}" =~ \ |\' ]] ; then # https://github.com/koalaman/shellcheck/wiki/SC1090 # shellcheck source=/dev/null - source "$MODULE_FILE" + source "${MODULE_FILE}" (( MODULE_COUNT+=1 )) fi done - print_output "==> ""$GREEN""Imported ""$MODULE_COUNT"" module/s""$NC" "no_log" + print_output "==> ""${GREEN}""Imported ""${MODULE_COUNT}"" module/s""${NC}" "no_log" } sort_modules() 
@@ -68,15 +68,15 @@ sort_modules() local SORTED_MODULES=() local MODULE_FILE="" for MODULE_FILE in "${MODULES[@]}" ; do - if ( file "$MODULE_FILE" | grep -q "shell script" ) && ! [[ "$MODULE_FILE" =~ \ |\' ]] ; then + if ( file "${MODULE_FILE}" | grep -q "shell script" ) && ! [[ "${MODULE_FILE}" =~ \ |\' ]] ; then THREAD_PRIO=0 # https://github.com/koalaman/shellcheck/wiki/SC1090 # shellcheck source=/dev/null - source "$MODULE_FILE" - if [[ $THREAD_PRIO -eq 1 ]] ; then - SORTED_MODULES=( "$MODULE_FILE" "${SORTED_MODULES[@]}" ) + source "${MODULE_FILE}" + if [[ ${THREAD_PRIO} -eq 1 ]] ; then + SORTED_MODULES=( "${MODULE_FILE}" "${SORTED_MODULES[@]}" ) else - SORTED_MODULES=( "${SORTED_MODULES[@]}" "$MODULE_FILE" ) + SORTED_MODULES=( "${SORTED_MODULES[@]}" "${MODULE_FILE}" ) fi fi done @@ -87,19 +87,19 @@ sort_modules() check_cve_search_job() { local EMBA_PID="${1:-}" - if ! [[ "$EMBA_PID" =~ [0-9]+ ]]; then + if ! [[ "${EMBA_PID}" =~ [0-9]+ ]]; then print_output "[-] WARNING: No EMBA PID detected ... are we really running?!?" return fi while true; do - if [[ -f "$LOG_DIR"/emba.log ]]; then - if grep -q "Test ended\|EMBA failed" "$LOG_DIR"/emba.log 2>/dev/null; then + if [[ -f "${LOG_DIR}"/emba.log ]]; then + if grep -q "Test ended\|EMBA failed" "${LOG_DIR}"/emba.log 2>/dev/null; then break fi fi # shellcheck disable=SC2009 - if ! ps aux | grep -v grep | grep -q "$EMBA_PID"; then + if ! ps aux | grep -v grep | grep -q "${EMBA_PID}"; then break fi check_nw_interface 
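Review bot: In check_cve_search_job the guard `[[ "${EMBA_PID}" =~ [0-9]+ ]]` is unanchored, so any string that merely contains a digit passes. The liveness test `ps aux | grep -v grep | grep -q "${EMBA_PID}"` then matches that value anywhere in the process listing, so PID 123 also matches 1234 or a number in another process's arguments. The wait loop can therefore keep running after EMBA has exited. Suggest `[[ "${EMBA_PID}" =~ ^[0-9]+$ ]]` and `if ! ps -p "${EMBA_PID}" > /dev/null; then break; fi`, which also removes the need for the SC2009 suppression. The function body continues past the end of this hunk.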
@@ -114,219 +114,219 @@ check_cve_search_job() { run_modules() { MODULE_GROUP="${1:-}" - printf -v THREADING_SET '%d\n' "$2" 2>/dev/null - THREADING_MOD_GROUP="$THREADING_SET" + printf -v THREADING_SET '%d\n' "${2}" 2>/dev/null + THREADING_MOD_GROUP="${THREADING_SET}" local SELECT_PRE_MODULES_COUNT=0 for SELECT_NUM in "${SELECT_MODULES[@]}" ; do - if [[ "$SELECT_NUM" =~ ^["${MODULE_GROUP,,}","${MODULE_GROUP^^}"]{1} ]]; then + if [[ "${SELECT_NUM}" =~ ^["${MODULE_GROUP,,}","${MODULE_GROUP^^}"]{1} ]]; then (( SELECT_PRE_MODULES_COUNT+=1 )) fi done - if [[ ${#SELECT_MODULES[@]} -eq 0 ]] || [[ $SELECT_PRE_MODULES_COUNT -eq 0 ]]; then + if [[ "${#SELECT_MODULES[@]}" -eq 0 ]] || [[ "${SELECT_PRE_MODULES_COUNT}" -eq 0 ]]; then local MODULES=() local MODULES_LOCAL=() local MODULES_EMBA=() - mapfile -t MODULES_EMBA < <(find "$MOD_DIR" -name "${MODULE_GROUP^^}""*_*.sh" | sort -V 2> /dev/null) + mapfile -t MODULES_EMBA < <(find "${MOD_DIR}" -name "${MODULE_GROUP^^}""*_*.sh" | sort -V 2> /dev/null) if [[ -d "${MOD_DIR_LOCAL}" ]]; then mapfile -t MODULES_LOCAL < <(find "${MOD_DIR_LOCAL}" -name "${MODULE_GROUP^^}""*.sh" 2>/dev/null | sort -V 2> /dev/null) fi MODULES=( "${MODULES_EMBA[@]}" "${MODULES_LOCAL[@]}" ) export MODULES_EXPORTED+=("${MODULES[@]}") - if [[ $THREADING_SET -eq 1 && "${MODULE_GROUP^^}" != "P" ]] ; then + if [[ ${THREADING_SET} -eq 1 && "${MODULE_GROUP^^}" != "P" ]] ; then sort_modules fi for MODULE_FILE in "${MODULES[@]}" ; do - # check if "$MODULE_NAME" is in blacklist from config directory and skip it - MODULE_NAME=$(basename -s .sh "$MODULE_FILE") + # check if "${MODULE_NAME}" is in blacklist from config directory and skip it + MODULE_NAME=$(basename -s .sh "${MODULE_FILE}") if [[ " ${MODULE_BLACKLIST[*]} " =~ ${MODULE_NAME} ]]; then print_output "[*] $(date) - ${MODULE_NAME} not executed - blacklist triggered " "main" continue fi - if [[ "$SKIP_PRE_CHECKERS" == 1 ]] && [[ "$MODULE_GROUP" == "P" ]]; then + if [[ "${SKIP_PRE_CHECKERS}" == 1 ]] && [[ 
"${MODULE_GROUP}" == "P" ]]; then print_output "[*] $(date) - ${MODULE_NAME} not executed - skip pre-checkers is set " "main" continue fi local MOD_FIN=0 - if ( file "$MODULE_FILE" | grep -q "shell script" ) && ! [[ "$MODULE_FILE" =~ \ |\' ]] ; then + if ( file "${MODULE_FILE}" | grep -q "shell script" ) && ! [[ "${MODULE_FILE}" =~ \ |\' ]] ; then if [[ "${MODULE_GROUP^^}" == "P" ]]; then # we are able to enable/disable threading on module basis in the the pre-checker modules with the header: # export PRE_THREAD_ENA=1/0 # shellcheck source=/dev/null - source "$MODULE_FILE" - if [[ $PRE_THREAD_ENA -eq 0 ]] ; then + source "${MODULE_FILE}" + if [[ "${PRE_THREAD_ENA}" -eq 0 ]] ; then THREADING_SET=0 fi fi - MODULE_BN=$(basename "$MODULE_FILE") + MODULE_BN=$(basename "${MODULE_FILE}") MODULE_MAIN=${MODULE_BN%.*} - # module_start_log "$MODULE_MAIN" - if [[ "$RESTART" -eq 1 ]]; then - if [[ $(grep -i -c "$MODULE_MAIN finished" "$LOG_DIR"/"$MAIN_LOG_FILE") -gt 0 ]]; then - if [[ "$MODULE_MAIN" == "P99_"* ]] || [[ "$MODULE_MAIN" == "L1"* ]]; then - print_output "[*] Module $ORANGE$MODULE_MAIN$NC already finished but essential - rerun it" "main" + # module_start_log "${MODULE_MAIN}" + if [[ "${RESTART}" -eq 1 ]]; then + if [[ $(grep -i -c "${MODULE_MAIN} finished" "${LOG_DIR}"/"${MAIN_LOG_FILE}") -gt 0 ]]; then + if [[ "${MODULE_MAIN}" == "P99_"* ]] || [[ "${MODULE_MAIN}" == "L1"* ]]; then + print_output "[*] Module ${ORANGE}${MODULE_MAIN}${NC} already finished but essential - rerun it" "main" MOD_FIN=0 else - print_output "[*] Module $ORANGE$MODULE_MAIN$NC already finished ... skipping" "main" + print_output "[*] Module ${ORANGE}${MODULE_MAIN}${NC} already finished ... 
skipping" "main" MOD_FIN=1 - if [[ $HTML -eq 1 ]] ; then + if [[ ${HTML} -eq 1 ]] ; then # we need to build the web reporter links for skipping modules - mapfile -t LOG_FILES < <(find "$LOG_DIR" -maxdepth 1 -type f -iname "$MODULE_MAIN*.txt" | sort) + mapfile -t LOG_FILES < <(find "${LOG_DIR}" -maxdepth 1 -type f -iname "${MODULE_MAIN}*.txt" | sort) for LOG_FILE_ in "${LOG_FILES[@]}"; do - if grep -q "nothing reported" "$LOG_FILE_"; then + if grep -q "nothing reported" "${LOG_FILE_}"; then continue fi - MODULE_NAME_=$(basename -s .txt "$LOG_FILE_") - MODUL_NAME="$( strip_color_tags "$(grep -a -E -B 1 '[=]{65}' "$LOG_FILE_" | head -n 1 )" | cut -d" " -f2- )" - HTML_FILE="$MODULE_NAME_.html" - add_link_to_index "$HTML_FILE" "$MODUL_NAME" + MODULE_NAME_=$(basename -s .txt "${LOG_FILE_}") + MODUL_NAME="$( strip_color_tags "$(grep -a -E -B 1 '[=]{65}' "${LOG_FILE_}" | head -n 1 )" | cut -d" " -f2- )" + HTML_FILE="${MODULE_NAME_}.html" + add_link_to_index "${HTML_FILE}" "${MODUL_NAME}" done fi fi fi fi - if [[ "$MOD_FIN" -eq 0 ]]; then - if [[ $THREADING_SET -eq 1 ]]; then - "$MODULE_MAIN" & + if [[ "${MOD_FIN}" -eq 0 ]]; then + if [[ ${THREADING_SET} -eq 1 ]]; then + "${MODULE_MAIN}" & MOD_PID="$!" 
- store_kill_pids "$MOD_PID" - WAIT_PIDS+=( "$MOD_PID" ) - max_pids_protection "$MAX_MODS" "${WAIT_PIDS[@]}" + store_kill_pids "${MOD_PID}" + WAIT_PIDS+=( "${MOD_PID}" ) + max_pids_protection "${MAX_MODS}" "${WAIT_PIDS[@]}" else - "$MODULE_MAIN" + "${MODULE_MAIN}" fi fi reset_module_count fi if [[ "${MODULE_GROUP^^}" == "P" ]]; then - THREADING_SET="$THREADING_MOD_GROUP" + THREADING_SET="${THREADING_MOD_GROUP}" fi done else for SELECT_NUM in "${SELECT_MODULES[@]}" ; do local MOD_FIN=0 - if [[ "$SELECT_NUM" =~ ^["${MODULE_GROUP,,}","${MODULE_GROUP^^}"]{1}[0-9]+ ]]; then + if [[ "${SELECT_NUM}" =~ ^["${MODULE_GROUP,,}","${MODULE_GROUP^^}"]{1}[0-9]+ ]]; then local MODULE="" - MODULE=$(find "$MOD_DIR" -name "${MODULE_GROUP^^}""${SELECT_NUM:1}""_*.sh" | sort -V 2> /dev/null) + MODULE=$(find "${MOD_DIR}" -name "${MODULE_GROUP^^}""${SELECT_NUM:1}""_*.sh" | sort -V 2> /dev/null) # we need the whole module name including path in our array for later checks on it export MODULES_EXPORTED+=("${MODULE}") - if ( file "$MODULE" | grep -q "shell script" ) && ! [[ "$MODULE" =~ \ |\' ]] ; then - MODULE_BN=$(basename "$MODULE") + if ( file "${MODULE}" | grep -q "shell script" ) && ! 
[[ "${MODULE}" =~ \ |\' ]] ; then + MODULE_BN=$(basename "${MODULE}") MODULE_MAIN=${MODULE_BN%.*} - # module_start_log "$MODULE_MAIN" - if [[ "$RESTART" -eq 1 ]]; then - if [[ $(grep -i -c "$MODULE_MAIN finished" "$LOG_DIR"/"$MAIN_LOG_FILE") -gt 0 ]]; then - if [[ "$MODULE_MAIN" == "P99_"* ]] || [[ "$MODULE_MAIN" == "L1"* ]]; then - print_output "[*] Module $ORANGE$MODULE_MAIN$NC already finished but essential - rerun it" "main" + # module_start_log "${MODULE_MAIN}" + if [[ "${RESTART}" -eq 1 ]]; then + if [[ $(grep -i -c "${MODULE_MAIN} finished" "${LOG_DIR}"/"${MAIN_LOG_FILE}") -gt 0 ]]; then + if [[ "${MODULE_MAIN}" == "P99_"* ]] || [[ "${MODULE_MAIN}" == "L1"* ]]; then + print_output "[*] Module ${ORANGE}${MODULE_MAIN}${NC} already finished but essential - rerun it" "main" MOD_FIN=0 else - print_output "[*] Module $ORANGE$MODULE_MAIN$NC already finished ... skipping" "main" + print_output "[*] Module ${ORANGE}${MODULE_MAIN}${NC} already finished ... skipping" "main" MOD_FIN=1 - if [[ $HTML -eq 1 ]] ; then + if [[ ${HTML} -eq 1 ]] ; then # we need to build the web reporter links for skipping modules - mapfile -t LOG_FILES < <(find "$LOG_DIR" -maxdepth 1 -type f -iname "$MODULE_MAIN*.txt" | sort) + mapfile -t LOG_FILES < <(find "${LOG_DIR}" -maxdepth 1 -type f -iname "${MODULE_MAIN}*.txt" | sort) for LOG_FILE_ in "${LOG_FILES[@]}"; do - if grep -q "nothing reported" "$LOG_FILE_"; then + if grep -q "nothing reported" "${LOG_FILE_}"; then continue fi - MODULE_NAME_=$(basename -s .txt "$LOG_FILE_") - MODUL_NAME="$( strip_color_tags "$(grep -a -E -B 1 '[=]{65}' "$LOG_FILE_" | head -n 1 )" | cut -d" " -f2- )" - HTML_FILE="$MODULE_NAME_.html" - add_link_to_index "$HTML_FILE" "$MODUL_NAME" + MODULE_NAME_=$(basename -s .txt "${LOG_FILE_}") + MODUL_NAME="$( strip_color_tags "$(grep -a -E -B 1 '[=]{65}' "${LOG_FILE_}" | head -n 1 )" | cut -d" " -f2- )" + HTML_FILE="${MODULE_NAME_}.html" + add_link_to_index "${HTML_FILE}" "${MODUL_NAME}" done fi fi fi fi - if [[ "$MOD_FIN" 
-eq 0 ]]; then - if [[ $THREADING_SET -eq 1 ]]; then - "$MODULE_MAIN" & + if [[ "${MOD_FIN}" -eq 0 ]]; then + if [[ ${THREADING_SET} -eq 1 ]]; then + "${MODULE_MAIN}" & MOD_PID="$!" - store_kill_pids "$MOD_PID" - WAIT_PIDS+=( "$MOD_PID" ) - max_pids_protection "$MAX_MODS" "${WAIT_PIDS[@]}" + store_kill_pids "${MOD_PID}" + WAIT_PIDS+=( "${MOD_PID}" ) + max_pids_protection "${MAX_MODS}" "${WAIT_PIDS[@]}" else - "$MODULE_MAIN" + "${MODULE_MAIN}" fi fi reset_module_count fi - elif [[ "$SELECT_NUM" =~ ^["${MODULE_GROUP,,}","${MODULE_GROUP^^}"]{1} ]]; then + elif [[ "${SELECT_NUM}" =~ ^["${MODULE_GROUP,,}","${MODULE_GROUP^^}"]{1} ]]; then local MODULES=() local MODULES_LOCAL=() local MODULES_EMBA=() - mapfile -t MODULES_EMBA < <(find "$MOD_DIR" -name "${MODULE_GROUP^^}""*_*.sh" | sort -V 2> /dev/null) + mapfile -t MODULES_EMBA < <(find "${MOD_DIR}" -name "${MODULE_GROUP^^}""*_*.sh" | sort -V 2> /dev/null) if [[ -d "${MOD_DIR_LOCAL}" ]]; then mapfile -t MODULES_LOCAL < <(find "${MOD_DIR_LOCAL}" -name "${MODULE_GROUP^^}""*.sh" 2>/dev/null | sort -V 2> /dev/null) fi MODULES=( "${MODULES_EMBA[@]}" "${MODULES_LOCAL[@]}" ) - [[ $THREADING_SET -eq 1 ]] && sort_modules + [[ ${THREADING_SET} -eq 1 ]] && sort_modules for MODULE_FILE in "${MODULES[@]}" ; do - # check if "$MODULE_NAME" is in blacklist from config directory and skip it - MODULE_NAME=$(basename -s .sh "$MODULE_FILE") + # check if "${MODULE_NAME}" is in blacklist from config directory and skip it + MODULE_NAME=$(basename -s .sh "${MODULE_FILE}") if [[ " ${MODULE_BLACKLIST[*]} " =~ ${MODULE_NAME} ]]; then print_output "[*] $(date) - ${MODULE_NAME} not executed - blacklist triggered " "main" continue fi local MOD_FIN=0 - if ( file "$MODULE_FILE" | grep -q "shell script" ) && ! [[ "$MODULE_FILE" =~ \ |\' ]] ; then + if ( file "${MODULE_FILE}" | grep -q "shell script" ) && ! 
[[ "${MODULE_FILE}" =~ \ |\' ]] ; then if [[ "${MODULE_GROUP^^}" == "P" ]]; then # we are able to enable/disable threading on module basis in the the pre-checker modules with the header: # export PRE_THREAD_ENA=1/0 # shellcheck source=/dev/null - source "$MODULE_FILE" - if [[ $PRE_THREAD_ENA -eq 0 ]] ; then + source "${MODULE_FILE}" + if [[ "${PRE_THREAD_ENA}" -eq 0 ]] ; then THREADING_SET=0 fi fi - MODULE_BN=$(basename "$MODULE_FILE") + MODULE_BN=$(basename "${MODULE_FILE}") MODULE_MAIN=${MODULE_BN%.*} - # module_start_log "$MODULE_MAIN" - if [[ "$RESTART" -eq 1 ]]; then - if [[ $(grep -i -c "$MODULE_MAIN finished" "$LOG_DIR"/"$MAIN_LOG_FILE") -gt 0 ]]; then - if [[ "$MODULE_MAIN" == "P99_"* ]] || [[ "$MODULE_MAIN" == "L1"* ]]; then - print_output "[*] Module $ORANGE$MODULE_MAIN$NC already finished but essential - rerun it" "main" + # module_start_log "${MODULE_MAIN}" + if [[ "${RESTART}" -eq 1 ]]; then + if [[ $(grep -i -c "${MODULE_MAIN} finished" "${LOG_DIR}"/"${MAIN_LOG_FILE}") -gt 0 ]]; then + if [[ "${MODULE_MAIN}" == "P99_"* ]] || [[ "${MODULE_MAIN}" == "L1"* ]]; then + print_output "[*] Module ${ORANGE}${MODULE_MAIN}${NC} already finished but essential - rerun it" "main" MOD_FIN=0 else - print_output "[*] Module $ORANGE$MODULE_MAIN$NC already finished ... skipping" "main" + print_output "[*] Module ${ORANGE}${MODULE_MAIN}${NC} already finished ... 
skipping" "main" MOD_FIN=1 - if [[ $HTML -eq 1 ]] ; then + if [[ ${HTML} -eq 1 ]] ; then # we need to build the web reporter links for skipping modules - mapfile -t LOG_FILES < <(find "$LOG_DIR" -maxdepth 1 -type f -iname "$MODULE_MAIN*.txt" | sort) + mapfile -t LOG_FILES < <(find "${LOG_DIR}" -maxdepth 1 -type f -iname "${MODULE_MAIN}*.txt" | sort) for LOG_FILE_ in "${LOG_FILES[@]}"; do - if grep -q "nothing reported" "$LOG_FILE_"; then + if grep -q "nothing reported" "${LOG_FILE_}"; then continue fi - MODULE_NAME_=$(basename -s .txt "$LOG_FILE_") - MODUL_NAME="$( strip_color_tags "$(grep -a -E -B 1 '[=]{65}' "$LOG_FILE_" | head -n 1 )" | cut -d" " -f2- )" - HTML_FILE="$MODULE_NAME_.html" - add_link_to_index "$HTML_FILE" "$MODUL_NAME" + MODULE_NAME_=$(basename -s .txt "${LOG_FILE_}") + MODUL_NAME="$( strip_color_tags "$(grep -a -E -B 1 '[=]{65}' "${LOG_FILE_}" | head -n 1 )" | cut -d" " -f2- )" + HTML_FILE="${MODULE_NAME_}.html" + add_link_to_index "${HTML_FILE}" "${MODUL_NAME}" done fi fi fi fi - if [[ "$MOD_FIN" -eq 0 ]]; then - if [[ $THREADING_SET -eq 1 ]]; then - "$MODULE_MAIN" & + if [[ "${MOD_FIN}" -eq 0 ]]; then + if [[ ${THREADING_SET} -eq 1 ]]; then + "${MODULE_MAIN}" & MOD_PID="$!" - store_kill_pids "$MOD_PID" - WAIT_PIDS+=( "$MOD_PID" ) - max_pids_protection "$MAX_MODS" "${WAIT_PIDS[@]}" + store_kill_pids "${MOD_PID}" + WAIT_PIDS+=( "${MOD_PID}" ) + max_pids_protection "${MAX_MODS}" "${WAIT_PIDS[@]}" else - "$MODULE_MAIN" + "${MODULE_MAIN}" fi fi reset_module_count fi if [[ "${MODULE_GROUP^^}" == "P" ]]; then - THREADING_SET="$THREADING_MOD_GROUP" + THREADING_SET="${THREADING_MOD_GROUP}" fi done fi @@ -338,12 +338,12 @@ main() { set -a trap cleaner INT - INVOCATION_PATH="$(dirname "$0")" + INVOCATION_PATH="$(dirname "${0}")" export EMBA_PID="$$" # loads default values for EMBA - export HELP_DIR="$INVOCATION_PATH""/helpers" + export HELP_DIR="${INVOCATION_PATH}""/helpers" import_helper set_defaults 
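Review bot: The blacklist test in run_modules, `[[ " ${MODULE_BLACKLIST[*]} " =~ ${MODULE_NAME} ]]`, uses the module name as an unquoted regex with no delimiters, so a module is skipped whenever its name is a substring of any blacklisted entry. Quote the right-hand side and include the separators, `[[ " ${MODULE_BLACKLIST[*]} " =~ " ${MODULE_NAME} " ]]`, so only exact names match. The same line appears in both module loops of this hunk. The branch that selects a single module by number does not consult the blacklist at all; if that is intended, a comment there would say so.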
@@ -353,14 +353,14 @@ main() { welcome # Print EMBA welcome message if [[ $# -eq 0 ]]; then - print_output "\\n""$ORANGE""In order to be able to use EMBA, you have to specify at least a firmware (-f)." "no_log" - print_output "If you don't set a log directory (-l), then ./logs will be used.""$NC" "no_log" + print_output "\\n""${ORANGE}""In order to be able to use EMBA, you have to specify at least a firmware (-f)." "no_log" + print_output "If you don't set a log directory (-l), then ./logs will be used.""${NC}" "no_log" print_help exit 1 fi export EMBA_COMMAND - EMBA_COMMAND="$(dirname "$0")""/emba ""$*" + EMBA_COMMAND="$(dirname "${0}")""/emba ""$*" emba_parameter_parsing "$@" @@ -369,7 +369,7 @@ main() { write_notification "EMBA starting" # WSL support - currently experimental! - if [[ $IN_DOCKER -eq 0 ]]; then + if [[ ${IN_DOCKER} -eq 0 ]]; then if grep -q -i wsl /proc/version; then print_bar "no_log" print_ln "no_log" 
@@ -383,142 +383,142 @@ main() { fi # print it only once per EMBA run - not again from started container - [[ $IN_DOCKER -eq 0 ]] && banner_printer + [[ ${IN_DOCKER} -eq 0 ]] && banner_printer - if [[ $IN_DOCKER -eq 1 ]] ; then + if [[ ${IN_DOCKER} -eq 1 ]] ; then # set external path new for docker export EXT_DIR="/external" - export PATH_CVE_SEARCH="$EXT_DIR""/cve-search/bin/search.py" + export PATH_CVE_SEARCH="${EXT_DIR}""/cve-search/bin/search.py" fi # Check all dependencies of EMBA dependency_check - if [[ "$ONLY_DEP" -eq 0 ]]; then - if [[ "$UPDATE" -eq 1 ]]; then + if [[ "${ONLY_DEP}" -eq 0 ]]; then + if [[ "${UPDATE}" -eq 1 ]]; then write_notification "EMBA starts with update" emba_updater exit 0 fi - if [[ $USE_DOCKER -eq 0 && $IN_DOCKER -eq 0 ]]; then + if [[ ${USE_DOCKER} -eq 0 && ${IN_DOCKER} -eq 0 ]]; then print_bar "no_log" print_output "[!] WARNING: EMBA running in developer mode!" "no_log" write_notification "WARNING: EMBA running in developer mode" print_bar "no_log" fi - enable_strict_mode "$STRICT_MODE" 1 + enable_strict_mode "${STRICT_MODE}" 1 # profile handling if [[ -n "${PROFILE:-}" ]]; then - if [[ -f "$PROFILE" ]]; then + if [[ -f "${PROFILE}" ]]; then print_bar "no_log" - if [[ $IN_DOCKER -ne 1 ]] ; then + if [[ ${IN_DOCKER} -ne 1 ]] ; then print_output "[*] Loading EMBA scan profile with the following settings:" "no_log" else print_output "[*] Loading EMBA scan profile." "no_log" fi # all profile output and settings are done by the profile file located in ./scan-profiles/ # shellcheck source=/dev/null - source "$PROFILE" - print_output "[*] Profile $PROFILE loaded." "no_log" + source "${PROFILE}" + print_output "[*] Profile ${PROFILE} loaded." "no_log" print_bar "no_log" else - print_output "[!] Profile $PROFILE not found." "no_log" + print_output "[!] Profile ${PROFILE} not found." 
"no_log" exit 1 fi fi - if [[ "$ONLY_DEP" -eq 0 ]]; then + if [[ "${ONLY_DEP}" -eq 0 ]]; then # check provided paths for validity - check_path_valid "$FIRMWARE_PATH" - check_path_valid "$KERNEL_CONFIG" - check_path_valid "$LOG_DIR" + check_path_valid "${FIRMWARE_PATH}" + check_path_valid "${KERNEL_CONFIG}" + check_path_valid "${LOG_DIR}" fi # restart file gets generated during startup if old log dir is found: - if [[ $USE_DOCKER -eq 1 && $IN_DOCKER -eq 1 ]] || [[ "$USE_DOCKER" -eq 0 ]]; then - if [[ -f "$TMP_DIR"/restart ]]; then + if [[ ${USE_DOCKER} -eq 1 && ${IN_DOCKER} -eq 1 ]] || [[ "${USE_DOCKER}" -eq 0 ]]; then + if [[ -f "${TMP_DIR}"/restart ]]; then print_output "[!] Found restart file and backup_vars file ... trying to restart EMBA scan" "no_log" export RESTART=1 - rm "$TMP_DIR"/restart + rm "${TMP_DIR}"/restart # shellcheck source=/dev/null - source "$LOG_DIR""/backup_vars.log" + source "${LOG_DIR}""/backup_vars.log" fi fi # check if LOG_DIR exists and prompt to terminal to delete its content (Y/n) - [[ $IN_DOCKER -eq 0 ]] && log_folder + [[ ${IN_DOCKER} -eq 0 ]] && log_folder # create log directory, if not exists and needed subdirectories # do not create a log dir for dep check - [[ "$ONLY_DEP" -eq 0 ]] && create_log_dir + [[ "${ONLY_DEP}" -eq 0 ]] && create_log_dir # kernel downloader runs on the host and waits for an identified kernel version. Afterwards # it tries to download the kernel sources for further analysis - if [[ $IN_DOCKER -eq 0 ]]; then + if [[ ${IN_DOCKER} -eq 0 ]]; then kernel_downloader & K_DOWN_PID="$!" 
- store_kill_pids "$K_DOWN_PID" - print_output "[*] Started kernel downloader thread with PID $ORANGE$K_DOWN_PID$NC" "no_log" + store_kill_pids "${K_DOWN_PID}" + print_output "[*] Started kernel downloader thread with PID ${ORANGE}${K_DOWN_PID}${NC}" "no_log" fi - if [[ $IN_DOCKER -eq 0 ]]; then - echo "$LOG_DIR" > "$TMP_DIR"/orig_logdir + if [[ ${IN_DOCKER} -eq 0 ]]; then + echo "${LOG_DIR}" > "${TMP_DIR}"/orig_logdir fi - if [[ "$IN_DOCKER" -eq 0 ]]; then + if [[ "${IN_DOCKER}" -eq 0 ]]; then print_notification & NOTIFICATION_PID="$!" - store_kill_pids "$NOTIFICATION_PID" - disown "$NOTIFICATION_PID" 2> /dev/null || true - print_output "[*] Original user: $ORANGE${SUDO_USER:-${USER}}$NC" "no_log" - print_output "[*] Notification process started with PID $ORANGE${NOTIFICATION_PID}$NC" "no_log" - echo "${SUDO_USER:-${USER}}" > "$LOG_DIR"/orig_user.log - echo "UID: $(id -u "${SUDO_USER:-${USER}}")" >> "$LOG_DIR"/orig_user.log - echo "GID: $(id -g "${SUDO_USER:-${USER}}")" >> "$LOG_DIR"/orig_user.log + store_kill_pids "${NOTIFICATION_PID}" + disown "${NOTIFICATION_PID}" 2> /dev/null || true + print_output "[*] Original user: ${ORANGE}${SUDO_USER:-${USER}}${NC}" "no_log" + print_output "[*] Notification process started with PID ${ORANGE}${NOTIFICATION_PID}${NC}" "no_log" + echo "${SUDO_USER:-${USER}}" > "${LOG_DIR}"/orig_user.log + echo "UID: $(id -u "${SUDO_USER:-${USER}}")" >> "${LOG_DIR}"/orig_user.log + echo "GID: $(id -g "${SUDO_USER:-${USER}}")" >> "${LOG_DIR}"/orig_user.log fi # Print additional information about the firmware (-Y, -X, -Z, -N) - print_firmware_info "$FW_VENDOR" "$FW_VERSION" "$FW_DEVICE" "$FW_NOTES" - if [[ "$KERNEL" -ne 1 ]] && [[ "$CONTAINER_EXTRACT" -ne 1 ]] && [[ "$ONLY_DEP" -eq 0 ]]; then + print_firmware_info "${FW_VENDOR}" "${FW_VERSION}" "${FW_DEVICE}" "${FW_NOTES}" + if [[ "${KERNEL}" -ne 1 ]] && [[ "${CONTAINER_EXTRACT}" -ne 1 ]] && [[ "${ONLY_DEP}" -eq 0 ]]; then check_init_size fi # Now we have the firmware and log path, lets set 
some additional paths - FIRMWARE_PATH="$(abs_path "$FIRMWARE_PATH")" - export MAIN_LOG="$LOG_DIR""/""$MAIN_LOG_FILE" + FIRMWARE_PATH="$(abs_path "${FIRMWARE_PATH}")" + export MAIN_LOG="${LOG_DIR}""/""${MAIN_LOG_FILE}" # Check firmware type (file/directory) # copy the firmware outside of the docker and not a second time within the docker - if [[ -d "$FIRMWARE_PATH" ]] ; then + if [[ -d "${FIRMWARE_PATH}" ]] ; then PRE_CHECK=1 print_output "[*] Firmware directory detected." "no_log" print_output "[*] EMBA starts with testing the environment." "no_log" - if [[ $IN_DOCKER -eq 0 ]] ; then + if [[ ${IN_DOCKER} -eq 0 ]] ; then # in docker environment the firmware is already available - print_output " The provided firmware will be copied to $ORANGE""$FIRMWARE_PATH_CP""/""$(basename "$FIRMWARE_PATH")""$NC" "no_log" - cp -R "$FIRMWARE_PATH" "$FIRMWARE_PATH_CP""/""$(basename "$FIRMWARE_PATH")" - FIRMWARE_PATH="$FIRMWARE_PATH_CP""/""$(basename "$FIRMWARE_PATH")" - export OUTPUT_DIR="$FIRMWARE_PATH_CP" + print_output " The provided firmware will be copied to ${ORANGE}""${FIRMWARE_PATH_CP}""/""$(basename "${FIRMWARE_PATH}")""${NC}" "no_log" + cp -R "${FIRMWARE_PATH}" "${FIRMWARE_PATH_CP}""/""$(basename "${FIRMWARE_PATH}")" + FIRMWARE_PATH="${FIRMWARE_PATH_CP}""/""$(basename "${FIRMWARE_PATH}")" + export OUTPUT_DIR="${FIRMWARE_PATH_CP}" else # need to set it as fallback: - export OUTPUT_DIR="$FIRMWARE_PATH" + export OUTPUT_DIR="${FIRMWARE_PATH}" fi - elif [[ "$CONTAINER_EXTRACT" -eq 1 ]]; then + elif [[ "${CONTAINER_EXTRACT}" -eq 1 ]]; then PRE_CHECK=1 print_output "[*] Firmware analysis of docker image starting." "no_log" - print_output " EMBA starts with extracting the docker image $ORANGE$CONTAINER_ID$NC." "no_log" - export FIRMWARE_PATH="$LOG_DIR"/firmware/firmware_docker_extracted.tar - export OUTPUT_DIR="$FIRMWARE_PATH" + print_output " EMBA starts with extracting the docker image ${ORANGE}${CONTAINER_ID}${NC}." 
"no_log" + export FIRMWARE_PATH="${LOG_DIR}"/firmware/firmware_docker_extracted.tar + export OUTPUT_DIR="${FIRMWARE_PATH}" export FIRMWARE=1 - elif [[ -f "$FIRMWARE_PATH" ]]; then + elif [[ -f "${FIRMWARE_PATH}" ]]; then PRE_CHECK=1 print_output "[*] Firmware binary detected." "no_log" print_output " EMBA starts with the pre-testing phase." "no_log" - export OUTPUT_DIR="$FIRMWARE_PATH" - elif [[ -f "$KERNEL_CONFIG" && "$KERNEL" -eq 1 ]]; then + export OUTPUT_DIR="${FIRMWARE_PATH}" + elif [[ -f "${KERNEL_CONFIG}" && "${KERNEL}" -eq 1 ]]; then print_output "[*] Kernel configuration file detected." "no_log" else print_output "[!] Invalid firmware file" "no_log" 
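Review bot: Both `source "${PROFILE}"` and `source "${LOG_DIR}""/backup_vars.log"` in this hunk execute file contents with whatever privileges EMBA runs under, and the only gates visible here are `[[ -f "${PROFILE}" ]]` and the presence of `"${TMP_DIR}"/restart`. The end of main() calls restore_permissions to give LOG_DIR back to the original user, so on a later privileged restart backup_vars.log may be a file an unprivileged account could have edited; this is inferred, because the code that writes the file is outside the diff. I would check ownership before sourcing, for example `[[ -O "${LOG_DIR}/backup_vars.log" ]] || { print_output "[!] backup_vars.log not owned by the current user - not restoring" "no_log"; exit 1; }`, or restore only the expected `NAME=value` entries instead of executing the file. A comment above `source "${PROFILE}"` should also state that a profile is executable shell code and must come from a trusted location. main() begins and ends outside this hunk.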
@@ -527,35 +527,35 @@ main() { fi # calculate the maximum modules are running in parallel - if [[ $THREADED -eq 1 ]] && [[ "$MAX_MODS" -eq 0 ]]; then + if [[ ${THREADED} -eq 1 ]] && [[ "${MAX_MODS}" -eq 0 ]]; then # the maximum modules in parallel # rule of thumb - per core half a module, minimum 2 modules MAX_MODS="$(( "$(grep -c ^processor /proc/cpuinfo)" /2 +1))" # if we have only one core we run two modules in parallel - if [[ "$MAX_MODS" -lt 2 ]]; then + if [[ "${MAX_MODS}" -lt 2 ]]; then MAX_MODS=2 fi export MAX_MODS fi # calculate the maximum threads per module - if [[ $THREADED -eq 1 ]] && [[ "$MAX_MOD_THREADS" -eq 0 ]]; then + if [[ ${THREADED} -eq 1 ]] && [[ "${MAX_MOD_THREADS}" -eq 0 ]]; then # the maximum threads per modules - if this value does not match adjust it via # local MAX_MOD_THREADS=123 in module area export MAX_MOD_THREADS="$(( 2* "$(grep -c ^processor /proc/cpuinfo)" ))" fi # setup non threaded mode: - if [[ $THREADED -eq 0 ]]; then + if [[ ${THREADED} -eq 0 ]]; then export MAX_MODS=1 export MAX_MOD_THREADS=1 fi - print_output " EMBA is running with $ORANGE$MAX_MODS$NC modules in parallel and $ORANGE$MAX_MOD_THREADS$NC threads per module." "no_log" + print_output " EMBA is running with ${ORANGE}${MAX_MODS}${NC} modules in parallel and ${ORANGE}${MAX_MOD_THREADS}${NC} threads per module." "no_log" # Change log output to color for web report and prepare report - if [[ $HTML -eq 1 ]] ; then - if [[ $FORMAT_LOG -eq 0 ]] ; then + if [[ ${HTML} -eq 1 ]] ; then + if [[ ${FORMAT_LOG} -eq 0 ]] ; then FORMAT_LOG=1 print_output "[*] Activate colored log for webreport" "no_log" fi 
@@ -563,13 +563,13 @@ main() { prepare_report fi - if [[ $LOG_GREP -eq 1 ]] ; then + if [[ ${LOG_GREP} -eq 1 ]] ; then # Create grep-able log file create_grep_log - write_grep_log "sudo ""$EMBA_COMMAND" "COMMAND" + write_grep_log "sudo ""${EMBA_COMMAND}" "COMMAND" fi - if [[ "$KERNEL" -ne 1 ]] && [[ $FIRMWARE -eq 1 ]]; then + if [[ "${KERNEL}" -ne 1 ]] && [[ ${FIRMWARE} -eq 1 ]]; then # Exclude paths from testing and set EXCL_FIND for find command (prune paths dynamicially) set_exclude fi @@ -577,20 +577,20 @@ main() { ####################################################################################### # Kernel configuration check ####################################################################################### - if [[ $KERNEL -eq 1 ]]; then - if [[ $IN_DOCKER -eq 1 ]] && [[ -f "$LOG_DIR"/kernel_config ]]; then - export KERNEL_CONFIG="$LOG_DIR"/kernel_config + if [[ "${KERNEL}" -eq 1 ]]; then + if [[ ${IN_DOCKER} -eq 1 ]] && [[ -f "${LOG_DIR}"/kernel_config ]]; then + export KERNEL_CONFIG="${LOG_DIR}"/kernel_config fi - if ! [[ -f "$KERNEL_CONFIG" ]] ; then - print_output "[-] Invalid kernel configuration file: $ORANGE$KERNEL_CONFIG$NC" "no_log" + if ! [[ -f "${KERNEL_CONFIG}" ]] ; then + print_output "[-] Invalid kernel configuration file: ${ORANGE}${KERNEL_CONFIG}${NC}" "no_log" exit 1 else - if [[ $IN_DOCKER -eq 0 ]] ; then + if [[ ${IN_DOCKER} -eq 0 ]] ; then # we copy the kernel config file from outside the container into our log directory # further modules are using LOG_DIR/kernel_config for accessing the kernel config - if [[ -d "$LOG_DIR" ]] ; then - cp "$KERNEL_CONFIG" "$LOG_DIR"/kernel_config + if [[ -d "${LOG_DIR}" ]] ; then + cp "${KERNEL_CONFIG}" "${LOG_DIR}"/kernel_config else print_output "[!] Missing log directory" "no_log" exit 1 
@@ -599,31 +599,31 @@ main() { fi fi - if [[ $IN_DOCKER -eq 0 ]] ; then - check_cve_search_job "$EMBA_PID" & + if [[ ${IN_DOCKER} -eq 0 ]] ; then + check_cve_search_job "${EMBA_PID}" & local TMP_PID="$!" - store_kill_pids "$TMP_PID" - disown "$TMP_PID" 2> /dev/null || true + store_kill_pids "${TMP_PID}" + disown "${TMP_PID}" 2> /dev/null || true fi - disk_space_monitor "$EMBA_PID" & + disk_space_monitor "${EMBA_PID}" & local TMP_PID="$!" - store_kill_pids "$TMP_PID" - disown "$TMP_PID" 2> /dev/null || true + store_kill_pids "${TMP_PID}" + disown "${TMP_PID}" 2> /dev/null || true # if $CONTAINER_EXTRACT is set we extract the docker container with id $CONTAINER_ID outside of the # EMBA container into log directory # we do this outside of the EMBA container - otherwise we will not reach the docker environment - if [[ "$CONTAINER_EXTRACT" -eq 1 && "$IN_DOCKER" -eq 0 ]] ; then - docker_container_extractor "$CONTAINER_ID" + if [[ "${CONTAINER_EXTRACT}" -eq 1 && "${IN_DOCKER}" -eq 0 ]] ; then + docker_container_extractor "${CONTAINER_ID}" fi fi ####################################################################################### # Docker ####################################################################################### - if [[ $USE_DOCKER -eq 1 ]] ; then - if ! [[ $EUID -eq 0 ]] ; then + if [[ ${USE_DOCKER} -eq 1 ]] ; then + if ! [[ ${EUID} -eq 0 ]] ; then if ! groups | grep -qw docker; then print_output "[!] Using EMBA with docker-compose requires root permissions" "no_log" print_output "$(indent "Run EMBA with root permissions or add your user to docker group")" "no_log" 
@@ -640,14 +640,14 @@ main() { OPTIND=1 ARGUMENTS=() while getopts a:A:BcC:d:De:Ef:Fghijk:l:m:N:op:P:QrsStT:UX:yY:WxzZ: OPT ; do - case $OPT in + case ${OPT} in D|f|i|l) ;; *) if [[ -v OPTARG[@] ]] ; then - ARGUMENTS=( "${ARGUMENTS[@]}" "-$OPT" "${OPTARG[@]}" ) + ARGUMENTS=( "${ARGUMENTS[@]}" "-${OPT}" "${OPTARG[@]}" ) else - ARGUMENTS=( "${ARGUMENTS[@]}" "-$OPT" ) + ARGUMENTS=( "${ARGUMENTS[@]}" "-${OPT}" ) fi ;; esac 
@@ -669,40 +669,40 @@ main() { print_output "[*] EMBA initializes docker container.\\n" "no_log" - if [[ "$ONLY_DEP" -eq 0 ]]; then + if [[ "${ONLY_DEP}" -eq 0 ]]; then # store some details that we do not have in the docker container: - echo "$FIRMWARE_PATH" >> "$TMP_DIR"/fw_name.log - echo "$LOG_DIR" >> "$TMP_DIR"/emba_log_dir.log - echo "$EMBA_COMMAND" >> "$TMP_DIR"/emba_command.log + echo "${FIRMWARE_PATH}" >> "${TMP_DIR}"/fw_name.log + echo "${LOG_DIR}" >> "${TMP_DIR}"/emba_log_dir.log + echo "${EMBA_COMMAND}" >> "${TMP_DIR}"/emba_command.log fi write_notification "EMBA starting docker container" - [[ "$STRICT_MODE" -eq 1 ]] && set +e + [[ "${STRICT_MODE}" -eq 1 ]] && set +e - disable_strict_mode "$STRICT_MODE" 0 - if [[ "$ONLY_DEP" -gt 0 ]]; then - EMBA="$INVOCATION_PATH" FIRMWARE="$FIRMWARE_PATH" docker-compose run --rm emba -c './emba -f /firmware -i "$@"' _ "${ARGUMENTS[@]}" + disable_strict_mode "${STRICT_MODE}" 0 + if [[ "${ONLY_DEP}" -gt 0 ]]; then + EMBA="${INVOCATION_PATH}" FIRMWARE="${FIRMWARE_PATH}" docker-compose run --rm emba -c './emba -f /firmware -i "$@"' _ "${ARGUMENTS[@]}" D_RETURN=$? else - EMBA="$INVOCATION_PATH" FIRMWARE="$FIRMWARE_PATH" LOG="$LOG_DIR" docker-compose run --rm emba -c './emba -l /logs -f /firmware -i "$@"' _ "${ARGUMENTS[@]}" + EMBA="${INVOCATION_PATH}" FIRMWARE="${FIRMWARE_PATH}" LOG="${LOG_DIR}" docker-compose run --rm emba -c './emba -l /logs -f /firmware -i "$@"' _ "${ARGUMENTS[@]}" D_RETURN=$? 
fi - enable_strict_mode "$STRICT_MODE" 0 + enable_strict_mode "${STRICT_MODE}" 0 - if [[ $D_RETURN -eq 0 ]] ; then - if [[ $ONLY_DEP -eq 0 ]] ; then + if [[ "${D_RETURN}" -eq 0 ]] ; then + if [[ "${ONLY_DEP}" -eq 0 ]] ; then print_output "[*] EMBA finished analysis in docker container.\\n" "no_log" write_notification "EMBA finished analysis in default mode" - print_output "[*] Firmware tested: $ORANGE$FIRMWARE_PATH$NC" "no_log" - print_output "[*] Log directory: $ORANGE$LOG_DIR$NC" "no_log" - if [[ -v HTML_PATH ]] && [[ -f "$HTML_PATH"/index.html ]]; then - print_output "[*] Open the web-report with$ORANGE firefox $(abs_path "$HTML_PATH/index.html")$NC\\n" "main" + print_output "[*] Firmware tested: ${ORANGE}${FIRMWARE}_PATH${NC}" "no_log" + print_output "[*] Log directory: ${ORANGE}${LOG_DIR}${NC}" "no_log" + if [[ -v HTML_PATH ]] && [[ -f "${HTML_PATH}"/index.html ]]; then + print_output "[*] Open the web-report with${ORANGE} firefox $(abs_path "${HTML_PATH}/index.html")${NC}\\n" "main" fi cleaner 0 else # we do not need the log dir from dependency checker - [[ -d "$LOG_DIR" ]] && rm -rf "$LOG_DIR" + [[ -d "${LOG_DIR}" ]] && rm -rf "${LOG_DIR}" fi exit 0 else @@ -715,7 +715,7 @@ main() { ####################################################################################### # Start status bar - if [[ $DISABLE_STATUS_BAR -eq 0 ]] ; then + if [[ ${DISABLE_STATUS_BAR} -eq 0 ]] ; then initial_status_bar # Trap the window resize signal (handle window resize events). trap 'initial_status_bar' WINCH 
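Review bot: The braced form `${FIRMWARE}_PATH` in the "Firmware tested" message expands FIRMWARE and appends the literal text `_PATH`, so the summary printed after a docker run no longer shows the firmware path; the line should read `print_output "[*] Firmware tested: ${ORANGE}${FIRMWARE_PATH}${NC}" "no_log"`. The same split appears in the commented debug line `# print_output "[!] Firmware path: ${FIRMWARE}_PATH"` in the Pre-Check hunk further down and should become `${FIRMWARE_PATH}` there as well. Both look like artefacts of a mechanical `$VAR` to `${VAR}` rewrite, so searching the changed files for `}_` before merging would catch any further cases.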
@@ -724,36 +724,36 @@ main() { ####################################################################################### # Pre-Check (P-modules) ####################################################################################### - if [[ $PRE_CHECK -eq 1 ]] ; then + if [[ "${PRE_CHECK}" -eq 1 ]] ; then print_ln "no_log" - if [[ -d "$LOG_DIR" ]]; then - print_output "[!] Pre-checking phase started on ""$(date)""\\n""$(indent "$NC""Firmware binary path: ""$FIRMWARE_PATH")" "main" + if [[ -d "${LOG_DIR}" ]]; then + print_output "[!] Pre-checking phase started on ""$(date)""\\n""$(indent "${NC}""Firmware binary path: ""${FIRMWARE_PATH}")" "main" else - print_output "[!] Pre-checking phase started on ""$(date)""\\n""$(indent "$NC""Firmware binary path: ""$FIRMWARE_PATH")" "no_log" + print_output "[!] Pre-checking phase started on ""$(date)""\\n""$(indent "${NC}""Firmware binary path: ""${FIRMWARE_PATH}")" "no_log" fi write_notification "Pre-checking phase started" # 'main' functions of imported modules # in the pre-check phase we execute all modules with P[Number]_Name.sh - run_modules "P" "$THREADED" "0" + run_modules "P" "${THREADED}" "0" # if we running threaded we ware going to wait for the slow guys here - [[ $THREADED -eq 1 ]] && wait_for_pid "${WAIT_PIDS[@]}" + [[ ${THREADED} -eq 1 ]] && wait_for_pid "${WAIT_PIDS[@]}" print_ln "no_log" - if [[ -d "$LOG_DIR" ]]; then - print_output "[!] Pre-checking phase ended on ""$(date)"" and took about ""$(date -d@"$SECONDS" -u +%H:%M:%S)"" \\n" "main" + if [[ -d "${LOG_DIR}" ]]; then + print_output "[!] Pre-checking phase ended on ""$(date)"" and took about ""$(date -d@"${SECONDS}" -u +%H:%M:%S)"" \\n" "main" else - print_output "[!] Pre-checking phase ended on ""$(date)"" and took about ""$(date -d@"$SECONDS" -u +%H:%M:%S)"" \\n" "no_log" + print_output "[!] 
Pre-checking phase ended on ""$(date)"" and took about ""$(date -d@"${SECONDS}" -u +%H:%M:%S)"" \\n" "no_log" fi write_notification "Pre-checking phase finished" # useful prints for debugging: - # print_output "[!] Firmware value: $FIRMWARE" - # print_output "[!] Firmware path: $FIRMWARE_PATH" + # print_output "[!] Firmware value: ${FIRMWARE}" + # print_output "[!] Firmware path: ${FIRMWARE}_PATH" # print_output "[!] Output dir: $OUTPUT_DIR" # print_output "[!] LINUX_PATH_COUNTER: $LINUX_PATH_COUNTER" # print_output "[!] LINUX_PATH_ARRAY: ${#ROOT_PATH[@]}" 
@@ -763,27 +763,27 @@ main() { # Firmware-Check (S modules) ####################################################################################### WAIT_PIDS=() - if [[ $FIRMWARE -eq 1 ]] ; then + if [[ ${FIRMWARE} -eq 1 ]] ; then print_output "\n=================================================================\n" "no_log" - if [[ -d "$LOG_DIR" ]]; then - print_output "[!] Testing phase started on ""$(date)""\\n""$(indent "$NC""Firmware path: ""$FIRMWARE_PATH")" "main" + if [[ -d "${LOG_DIR}" ]]; then + print_output "[!] Testing phase started on ""$(date)""\\n""$(indent "${NC}""Firmware path: ""${FIRMWARE_PATH}")" "main" else - print_output "[!] Testing phase started on ""$(date)""\\n""$(indent "$NC""Firmware path: ""$FIRMWARE_PATH")" "no_log" + print_output "[!] Testing phase started on ""$(date)""\\n""$(indent "${NC}""Firmware path: ""${FIRMWARE_PATH}")" "no_log" fi write_notification "Testing phase finished" write_grep_log "$(date)" "TIMESTAMP" - run_modules "S" "$THREADED" "$HTML" + run_modules "S" "${THREADED}" "${HTML}" - [[ $THREADED -eq 1 ]] && wait_for_pid "${WAIT_PIDS[@]}" + [[ ${THREADED} -eq 1 ]] && wait_for_pid "${WAIT_PIDS[@]}" print_ln "no_log" - if [[ -d "$LOG_DIR" ]]; then - print_output "[!] Testing phase ended on ""$(date)"" and took about ""$(date -d@"$SECONDS" -u +%H:%M:%S)"" \\n" "main" + if [[ -d "${LOG_DIR}" ]]; then + print_output "[!] Testing phase ended on ""$(date)"" and took about ""$(date -d@"${SECONDS}" -u +%H:%M:%S)"" \\n" "main" else - print_output "[!] Testing phase ended on ""$(date)"" and took about ""$(date -d@"$SECONDS" -u +%H:%M:%S)"" \\n" "no_log" + print_output "[!] Testing phase ended on ""$(date)"" and took about ""$(date -d@"${SECONDS}" -u +%H:%M:%S)"" \\n" "no_log" fi write_notification "Testing phase ended" 
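Review bot: `write_notification "Testing phase finished"` is sent at the start of the S-module phase, directly after the "Testing phase started" output and before `run_modules "S"`, while the end of the same block sends "Testing phase ended". The pre-check and system emulation blocks send "... phase started" at the equivalent position, so this looks like a copy-paste slip that makes the notification misleading for anyone watching a long scan; I would change it to `write_notification "Testing phase started"`. The line is unchanged context in this commit, and the enclosing main() extends beyond the hunk.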
@@ -793,24 +793,24 @@ main() { ####################################################################################### # Live Emulation - Check (L-modules) ####################################################################################### - if [[ $FULL_EMULATION -eq 1 ]] ; then + if [[ "${FULL_EMULATION}" -eq 1 ]] ; then print_output "\n=================================================================\n" "no_log" - if [[ -d "$LOG_DIR" ]]; then - print_output "[!] System emulation phase started on ""$(date)""\\n""$(indent "$NC""Firmware path: ""$FIRMWARE_PATH")" "main" + if [[ -d "${LOG_DIR}" ]]; then + print_output "[!] System emulation phase started on ""$(date)""\\n""$(indent "${NC}""Firmware path: ""${FIRMWARE_PATH}")" "main" else - print_output "[!] System emulation phase started on ""$(date)""\\n""$(indent "$NC""Firmware path: ""$FIRMWARE_PATH")" "no_log" + print_output "[!] System emulation phase started on ""$(date)""\\n""$(indent "${NC}""Firmware path: ""${FIRMWARE_PATH}")" "no_log" fi write_notification "System emulation phase started" write_grep_log "$(date)" "TIMESTAMP" # these modules are not threaded! - run_modules "L" "0" "$HTML" + run_modules "L" "0" "${HTML}" print_ln "no_log" - if [[ -d "$LOG_DIR" ]]; then - print_output "[!] System emulation phase ended on ""$(date)"" and took about ""$(date -d@"$SECONDS" -u +%H:%M:%S)"" \\n" "main" + if [[ -d "${LOG_DIR}" ]]; then + print_output "[!] System emulation phase ended on ""$(date)"" and took about ""$(date -d@"${SECONDS}" -u +%H:%M:%S)"" \\n" "main" else - print_output "[!] System emulation ended on ""$(date)"" and took about ""$(date -d@"$SECONDS" -u +%H:%M:%S)"" \\n" "no_log" + print_output "[!] System emulation ended on ""$(date)"" and took about ""$(date -d@"${SECONDS}" -u +%H:%M:%S)"" \\n" "no_log" fi write_notification "System emulation phase ended" fi 
@@ -818,53 +818,53 @@ main() { ####################################################################################### # Reporting (F-modules) ####################################################################################### - if [[ -d "$LOG_DIR" ]]; then + if [[ -d "${LOG_DIR}" ]]; then print_output "[!] Reporting phase started on ""$(date)""\\n" "main" else print_output "[!] Reporting phase started on ""$(date)""\\n" "no_log" fi write_notification "Reporting phase started" - run_modules "F" "0" "$HTML" + run_modules "F" "0" "${HTML}" - [[ $DISABLE_STATUS_BAR -eq 0 ]] && remove_status_bar + [[ ${DISABLE_STATUS_BAR} -eq 0 ]] && remove_status_bar write_notification "Reporting phase ended" - if [[ "$TESTING_DONE" -eq 1 ]]; then - if [[ "$FINAL_FW_RM" -eq 1 && -d "$LOG_DIR"/firmware ]]; then + if [[ "${TESTING_DONE}" -eq 1 ]]; then + if [[ "${FINAL_FW_RM}" -eq 1 && -d "${LOG_DIR}"/firmware ]]; then print_output "[*] Removing temp firmware directory\\n" "no_log" - rm -r "$LOG_DIR"/firmware 2>/dev/null + rm -r "${LOG_DIR}"/firmware 2>/dev/null fi - if [[ "$FINAL_FW_RM" -eq 1 && -d "$LOG_DIR"/p61_unblob_eval/unblob_extracted ]]; then + if [[ "${FINAL_FW_RM}" -eq 1 && -d "${LOG_DIR}"/p61_unblob_eval/unblob_extracted ]]; then print_output "[*] Removing unblob firmware directory\\n" "no_log" - rm -r "$LOG_DIR"/p61_unblob_eval/unblob_extracted 2>/dev/null + rm -r "${LOG_DIR}"/p61_unblob_eval/unblob_extracted 2>/dev/null fi print_ln "no_log" - if [[ -d "$LOG_DIR" ]]; then - print_output "[!] Test ended on ""$(date)"" and took about ""$(date -d@"$SECONDS" -u +%H:%M:%S)"" \\n" "main" + if [[ -d "${LOG_DIR}" ]]; then + print_output "[!] Test ended on ""$(date)"" and took about ""$(date -d@"${SECONDS}" -u +%H:%M:%S)"" \\n" "main" write_notification "EMBA finished analysis" - rm -r "$TMP_DIR" 2>/dev/null || true + rm -r "${TMP_DIR}" 2>/dev/null || true else - print_output "[!] 
Test ended on ""$(date)"" and took about ""$(date -d@"$SECONDS" -u +%H:%M:%S)"" \\n" "no_log" + print_output "[!] Test ended on ""$(date)"" and took about ""$(date -d@"${SECONDS}" -u +%H:%M:%S)"" \\n" "no_log" fi write_grep_log "$(date)" "TIMESTAMP" - write_grep_log "$(date -d@"$SECONDS" -u +%H:%M:%S)" "DURATION" + write_grep_log "$(date -d@"${SECONDS}" -u +%H:%M:%S)" "DURATION" else print_output "[!] No extracted firmware found" "no_log" print_output "$(indent "Try using binwalk or something else to extract the firmware")" exit 1 fi - [[ "$HTML" -eq 1 ]] && update_index + [[ "${HTML}" -eq 1 ]] && update_index - if [[ -f "$HTML_PATH"/index.html ]] && [[ "$IN_DOCKER" -eq 0 ]]; then - print_output "[*] Web report created HTML report in $ORANGE$LOG_DIR/html-report$NC\\n" "main" - print_output "[*] Open the web-report with$ORANGE firefox $(abs_path "$HTML_PATH/index.html")$NC\\n" "main" + if [[ -f "${HTML_PATH}"/index.html ]] && [[ "${IN_DOCKER}" -eq 0 ]]; then + print_output "[*] Web report created HTML report in ${ORANGE}${LOG_DIR}/html-report${NC}\\n" "main" + print_output "[*] Open the web-report with${ORANGE} firefox $(abs_path "${HTML_PATH}/index.html")${NC}\\n" "main" fi # we need to change the permissions of the LOG_DIR to the orig. user from the host - [[ "$IN_DOCKER" -eq 1 ]] && restore_permissions + [[ "${IN_DOCKER}" -eq 1 ]] && restore_permissions cleaner 0 exit 0 } diff --git a/helpers/helpers_emba_parameter_parser.sh b/helpers/helpers_emba_parameter_parser.sh index 500c0a4bf..bbc8f812e 100755 --- a/helpers/helpers_emba_parameter_parser.sh +++ b/helpers/helpers_emba_parameter_parser.sh @@ -186,7 +186,7 @@ emba_parameter_parsing() { export FORMAT_LOG=1 ;; Z) - check_alnum "$OPTARG" + check_vendor "$OPTARG" export FW_DEVICE="" FW_DEVICE="$(escape_echo "$OPTARG")" ;; diff --git a/helpers/helpers_emba_print.sh b/helpers/helpers_emba_print.sh index 136554777..ff6b188fa 100755 --- a/helpers/helpers_emba_print.sh +++ b/helpers/helpers_emba_print.sh 
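Review bot: The `Z)` arm now validates `$OPTARG` with check_vendor instead of check_alnum, which changes what `-Z` accepts in a commit that is otherwise a bracing clean-up. check_vendor is not defined in the visible part of the diff, so it is not possible to tell from here which additional characters reach FW_DEVICE through escape_echo and are later printed by print_firmware_info. Please add a comment above the call that states the accepted character set, for example `# device name: validated with check_vendor, which allows <characters>`, and mention the validator change in the commit message. The surrounding case statement and emba_parameter_parsing() continue outside the hunk.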
@@ -232,7 +232,7 @@ check_path_input() {
 check_version() {
 local INPUT_TO_CHECK="${1:-}"
 [[ -z "$INPUT_TO_CHECK" ]] && return
- if ! [[ "$INPUT_TO_CHECK" =~ ^[a-zA-Z0-9./_~:'-']+$ ]]; then
+ if ! [[ "$INPUT_TO_CHECK" =~ ^[a-zA-Z0-9./_:'-''+']+$ ]]; then
 print_output "[-] Invalid input detected - versions aka 1.2.3-a:b only" "no_log"
 exit 1
 fi
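Review bot: In the new pattern `^[a-zA-Z0-9./_:'-''+']+$` the hyphen is no longer the last character of the bracket expression; after quote removal it reads `:-+`, which a regex engine may parse as a range running from `:` down to `+`. If bash hands the quoted hyphen to the regex library unescaped, that is an invalid descending range, `=~` returns an error status and the negated test rejects every version string; I have not confirmed this against a specific bash version. Keeping the hyphen last avoids the question: `if ! [[ "$INPUT_TO_CHECK" =~ ^[a-zA-Z0-9./_:+-]+$ ]]; then`. The change also drops `~` from the allowed set, so a version written like `1.2~rc1` (constructed example) is now refused, which should be stated in the commit message if it is intended; check_version() continues past the end of the hunk.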