Description

This script is meant to secure a script you wrote by changing any relative path commands to their absolute paths. This is done to prevent attackers from poisoning any commands to escalate privileges

Source Code

#!/bin/bash

# Allow Ctrl+C to kill pingsweep
trap '
  trap - INT # restore default INT handler
  kill -s INT "$$"
' INT

# Add help message for reference
if [ "$1" == '-h' ] || [ "$1" == '--help' ]; then
		# This option displays a help message and command execution examples
		echo ""
		echo "OsbornePro absolutepathit 1.0 ( https://roberthosborne.com )"
		echo ""
		echo "USAGE: absolutepathit [file <string format is /path/to/script]"
		echo ""
		echo "OPTIONS:"
		echo "  -h : Displays the help information for the command."
		echo ""
		echo "EXAMPLES:"
		echo "  absolutepathit ~/Documents/Bash/script.sh"
		echo "  # This example takes the words in script.sh and changes relative paths to absolute paths."
		echo ""
		exit
# Variable validation------------------------------------------------
elif [ -f "$1" ] && echo "$1 file exists. Please wait..." || echo "$1 file does not exist. Please define the path to the script you wish to add absolute command values too."; then
	declare -a ABSOLUTE_CMDS
	
	# Ignore lines that are commented out
	cp $1 /tmp/absolutepathit_tmpinfo
	sed -i -e 's/#.*$//' -e '/^$/d' /tmp/absolutepathit_tmpinfo

	# Build an array of possible absolute path values in a script
	regex="^[a-z ]"
	mapfile -t COMMAND_LIST < /tmp/absolutepathit_tmpinfo

	UNIQUE_CMDS=$(echo ${COMMAND_LIST[@]} | tr ' ' '\n' | sort -u | tr '\n' ' ')

	# Comment out the below line that sets the word variable if you feel this is overdoing it. This is still a work in progress
        word=$(echo $word | rev | cut -f1 -d '(' | rev)

	for word in $UNIQUE_CMDS; do
		if [[ $word =~ $regex ]]; then
			if [ -n $word ]; then
				thecmd=$(which "$word")
				if [ "$thecmd" != "" ]; then
					echo "$thecmd is being added to array of commands"
					ABSOLUTE_CMDS+=($thecmd) 
				fi
			fi
		fi
	done

	echo $ABSOLUTE_CMDS
	
	# Replace the arelative value commands in a script with absolute values
	for each_command in ${ABSOLUTE_CMDS[@]}; do
			assumed_path=${each_command##*/}
			sed -i "s|$assumed_path|$each_command|g" /tmp/absolutepathit_tmpinfo
		done	
fi