feat: add script name sanitization to prevent shell metacharacter injection #50
GingerGraham commented on Feb 5, 2026
- fixes [BUG] Function Name Injection via Caller Detection #39
Pull request overview
This PR implements defense-in-depth sanitization for script names to prevent potential shell metacharacter injection attacks. The feature addresses issue #39 by sanitizing script names at all entry points, replacing any character that is not alphanumeric, period, underscore, or hyphen with an underscore.
Changes:
- Added `_sanitize_script_name()` function to sanitize script names by replacing unsafe characters
- Applied sanitization at all four entry points where script names are set (CLI option, config file, auto-detection from BASH_SOURCE, and dynamic updates via `set_script_name()`)
- Added comprehensive test suite with 13 test cases covering various attack patterns, edge cases, and integration scenarios
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| logging.sh | Added _sanitize_script_name() function and applied sanitization at all script name entry points |
| tests/test_script_name_sanitization.sh | Added comprehensive test suite covering basic sanitization, attack patterns, valid character preservation, and integration with various configuration methods |
| # shellcheck source=tests/test_helpers.sh disable=SC1091 | ||
| source "$(dirname "${BASH_SOURCE[0]}")/test_helpers.sh" | ||
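Review bot: the `source` of test_helpers.sh on the second visible line has no failure check on the lines shown, so if the helper file is missing or fails to load, the tests that follow would run without the helpers it provides. Appending `|| exit 1` to that line would make the suite fail fast instead of reporting misleading results.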
The test file is missing the required setup_test_suite call at the beginning. This call creates the temporary directory (TEST_TMP_DIR) that is used by TEST_DIR in individual tests. Without this setup, tests that rely on TEST_DIR (like test_sanitize_from_bash_source, test_sanitize_config_file, and test_sanitize_in_log_output) will fail because TEST_TMP_DIR will be undefined.
Add setup_test_suite before the first test function definition, similar to how other test files in this project structure their setup.
| setup_test_suite |
| test_sanitize_idempotent | ||
| test_sanitize_empty_whitespace | ||
| test_sanitize_quotes | ||
| test_sanitize_complex_attack |
The test file is missing the required cleanup_test_suite call at the end. While the test runner (run_tests.sh) does call cleanup_test_suite after sourcing each test file, following the established pattern in other test files (like test_unsafe_newlines.sh, test_ansi_injection.sh, and test_toctou_protection.sh) improves consistency and ensures proper cleanup even if the test file is run independently.
| test_sanitize_complex_attack | |
| test_sanitize_complex_attack | |
| cleanup_test_suite |
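
The character rule stated in the pull request overview (anything other than alphanumerics, period, underscore or hyphen becomes an underscore), sketched as an added example. This is not the project's `_sanitize_script_name()` or any code from this PR; the function names and sample inputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: NOT the project's _sanitize_script_name(); names are hypothetical.

# Replace every byte outside the allow-list [A-Za-z0-9._-] with "_".
# LC_ALL=C pins the ranges to ASCII, so locale collation cannot widen A-Z/a-z
# and multibyte characters are replaced byte by byte.
sanitize_name_example() {
    printf '%s' "$1" | LC_ALL=C tr -c 'A-Za-z0-9._-' '_'
}

# True only when the name is non-empty and sanitizing would not change it.
is_clean_name_example() {
    [ -n "$1" ] && [ "$(sanitize_name_example "$1")" = "$1" ]
}

# Constructed inputs (not taken from the PR's test suite).
demo_example() {
    nl='line1
line2'
    for raw in 'deploy.sh' 'my script.sh' 'a;b|c&d' 'x$(y)`z`' "$nl" '--help'; do
        clean=$(sanitize_name_example "$raw")
        if is_clean_name_example "$raw"; then state=unchanged; else state=rewritten; fi
        printf '%-10s -> %s\n' "$state" "$clean"
    done
}

# Caveat: "." and "-" are allowed, so ".." and a leading "-" pass through
# unchanged. Keep quoting the name and put "--" before it on command lines.
demo_example
```

Because the output alphabet is a subset of the allow-list, running the function on its own output changes nothing, which is the idempotence property the PR's test names refer to.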