Harden shell scripts

.editorconfig

@@ -0,0 +1,10 @@
+[*.sh]
+# like -i=2
+indent_style = space
+indent_size = 2
+
+#shell_variant      = posix # like -ln=posix
+#binary_next_line   = true  # like -bn
+switch_case_indent = true  # like -ci
+space_redirects    = true  # like -sr
+#keep_padding       = true  # like -kp

linux/dfu-util.sh

@@ -4,10 +4,10 @@
 #
 
 # Get the directory where the script is running.
-DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
 
 # Choose dfu program by arch
-if [ `uname -m` ==  "x86_64" ]; then
+if [ "$(uname -m)" == "x86_64" ]; then
   DFU_UTIL=${DIR}/dfu-util_x86_64/dfu-util
 else
   DFU_UTIL=${DIR}/dfu-util/dfu-util

linux/install.sh

@@ -1,15 +1,14 @@
 #!/bin/sh
 
 if sudo [ -w /etc/udev/rules.d ]; then
-    echo "Copying Maple-specific udev rules..."
-    sudo cp -v 45-maple.rules /etc/udev/rules.d/45-maple.rules
-    sudo chown root:root /etc/udev/rules.d/45-maple.rules
-    sudo chmod 644 /etc/udev/rules.d/45-maple.rules
-    echo "Reloading udev rules"
-    sudo udevadm control --reload-rules
-    echo "Adding current user to dialout group"
-    sudo adduser $USER dialout
+  echo "Copying Maple-specific udev rules..."
+  sudo cp -v 45-maple.rules /etc/udev/rules.d/45-maple.rules
+  sudo chown root:root /etc/udev/rules.d/45-maple.rules
+  sudo chmod 644 /etc/udev/rules.d/45-maple.rules
+  echo "Reloading udev rules"
+  sudo udevadm control --reload-rules
+  echo "Adding current user to dialout group"
+  sudo adduser "$USER" dialout
 else
-    echo "Couldn't copy to /etc/udev/rules.d/; you probably have to run this script as root? Or your distribution of Linux doesn't include udev; try running the IDE itself as root."
+  echo "Couldn't copy to /etc/udev/rules.d/; you probably have to run this script as root? Or your distribution of Linux doesn't include udev; try running the IDE itself as root."
 fi
-

linux/maple_upload.sh

@@ -0,0 +1,39 @@
+#!/bin/bash
+
+#set -e
+
+if [ $# -lt 4 ]; then
+  echo "Usage: $0 $# <dummy_port> <altID> <usbID> <binfile>" >&2
+  exit 1
+fi
+altID="$2"
+usbID="$3"
+binfile="$4"
+dummy_port_fullpath="/dev/$1"
+if [ $# -eq 5 ]; then
+  dfuse_addr="--dfuse-address $5"
+else
+  dfuse_addr=""
+fi
+
+# Get the directory where the script is running.
+DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
+
+#  ----------------- IMPORTANT -----------------
+# The 2nd parameter to upload-reset is the delay after resetting before it exits
+# This value is in milliseonds
+# You may need to tune this to your system
+# 750ms to 1500ms seems to work on my Mac
+
+"${DIR}/upload-reset" "${dummy_port_fullpath}" 750
+
+"${DIR}/dfu-util.sh" -d "${usbID}" -a "${altID}" -D "${binfile}" ${dfuse_addr} -R
+
+echo -n Waiting for "${dummy_port_fullpath}" serial...
+
+COUNTER=0
+while [ ! -r "${dummy_port_fullpath}" ] && ((COUNTER++ < 40)); do
+  sleep 0.1
+done
+
+echo Done

linux/massStorageCopy → linux/massStorageCopy.sh

@@ -1,7 +1,5 @@
 #!/bin/bash
-set -o nounset                              # Treat unset variables as an error
-#set -x
-VERSION="0.1"
+set -o nounset # Treat unset variables as an error
 
 # List
 bin_filepath=
@@ -10,11 +8,10 @@ mountpoint_path=
 
 ###############################################################################
 ## Help function
-usage()
-{
+usage() {
   echo "############################################################"
   echo "##"
-  echo "## `basename $0` [-I <filepath>] [-O <mountpoint(s)> ]"
+  echo "## $(basename "$0") [-I <filepath>] [-O <mountpoint(s)> ]"
   echo "##"
   echo "## Options:"
   echo "##   -I: filepath binary to copy"
@@ -32,29 +29,29 @@ if [ $# -lt 2 ]; then
 fi
 
 # Parsing options
-if [ $1 ==  "-I" ]; then
+if [ "$1" == "-I" ]; then
   shift 1
 fi
 
 bin_filepath=$1
 
-if [ $2 ==  "-O" ]; then
+if [ "$2" == "-O" ]; then
   shift 1
 fi
 # Strip first and last ""
 mountpoint_name="${2%\"}"
 mountpoint_name="${mountpoint_name#\"}"
 
-if [ -z $bin_filepath ]; then
+if [ -z "$bin_filepath" ]; then
   echo "No binary file path provided!"
   exit 1
 fi
-if [ -z $mountpoint_name ]; then
+if [ -z "$mountpoint_name" ]; then
   echo "No mountpoint name provided!"
   exit 1
 fi
 
-if [ ! -f $bin_filepath ]; then
+if [ ! -f "$bin_filepath" ]; then
   echo "$bin_filepath not found!"
   exit 2
 fi
@@ -63,11 +60,11 @@ fi
 IFS=',' read -ra mnt_list <<< "$mountpoint_name"
 for mnt in "${mnt_list[@]}"; do
   # mnt_path_list=(`cat /proc/mounts | cut -d' ' -f2 | sort -u | grep $mnt`)
-  mnt_path_list=(`df -Hl | grep -v "Mounted on" | rev | cut -d' ' -f1 | rev | sort -u | grep $mnt`)
+  mnt_path_list=($(df -Hl | grep -v "Mounted on" | rev | cut -d' ' -f1 | rev | sort -u | grep "$mnt"))
   if [ ${#mnt_path_list[@]} -ne 0 ]; then
     # Ensure to have exact match
     for mnt_path in "${mnt_path_list[@]}"; do
-      mnt_name=`echo $mnt_path | rev | cut -d'/' -f1 | rev`
+      mnt_name=$(echo "$mnt_path" | rev | cut -d'/' -f1 | rev)
       if [ "$mnt_name" = "$mnt" ]; then
         echo "Found '$mnt' at '$mnt_path'"
         mountpoint_path=$mnt_path
@@ -77,14 +74,14 @@ for mnt in "${mnt_list[@]}"; do
   fi
 done
 
-if [ -z $mountpoint_path ] || [ ! -d $mountpoint_path ]; then
+if [ -z "$mountpoint_path" ] || [ ! -d "$mountpoint_path" ]; then
   echo "$mountpoint_name not found."
   echo "Please ensure the device is correctly connected and mounted."
   exit 3
 fi
 
 # Copy the binary to the mountpoint
 echo "Copying $bin_filepath to $mountpoint_path..."
-cp $bin_filepath $mountpoint_path
+cp "$bin_filepath" "$mountpoint_path"
 
 exit $?

linux/stm32CubeProg.sh

@@ -1,20 +1,18 @@
 #!/bin/bash
-set -o nounset                              # Treat unset variables as an error
-#set -x
+set -o nounset # Treat unset variables as an error
 STM32CP_CLI=STM32_Programmer.sh
 ADDRESS=0x8000000
-ERASE=
-MODE=
-PORT=
-OPTS=
+ERASE=""
+MODE=""
+PORT=""
+OPTS=""
 
 ###############################################################################
 ## Help function
-usage()
-{
+usage() {
   echo "############################################################"
   echo "##"
-  echo "## `basename $0` <protocol> <file_path> [OPTIONS]"
+  echo "## $(basename "$0") <protocol> <file_path> [OPTIONS]"
   echo "##"
   echo "## protocol:"
   echo "##   0: SWD"
@@ -34,17 +32,14 @@ usage()
   echo "##       -rst: Reset system"
   echo "##       -s: start automatically (optional)"
   echo "############################################################"
-  exit $1
+  exit "$1"
 }
 
-
 check_tool() {
-  command -v $STM32CP_CLI >/dev/null 2>&1
-  if [ $? != 0 ]; then
+  if ! command -v $STM32CP_CLI > /dev/null 2>&1; then
     export PATH="$HOME/STMicroelectronics/STM32Cube/STM32CubeProgrammer/bin":$PATH
   fi
-  command -v $STM32CP_CLI >/dev/null 2>&1
-  if [ $? != 0 ]; then
+  if ! command -v $STM32CP_CLI > /dev/null 2>&1; then
     echo "$STM32CP_CLI not found."
     echo "Please install it or add '<STM32CubeProgrammer path>/bin' to your PATH environment:"
     echo "https://www.st.com/en/development-tools/stm32cubeprog.html"
@@ -56,17 +51,17 @@ check_tool() {
 check_tool
 
 if [ $# -lt 2 ]; then
-    echo "Not enough arguments!"
-    usage 2
+  echo "Not enough arguments!"
+  usage 2
 fi
 
 # Parse options
 PROTOCOL=$1
 FILEPATH=$2
 # Protocol $1
 # 1x: Erase all sectors
-if [ $1 -ge 10 ]; then
-  ERASE='-e all'
+if [ "$1" -ge 10 ]; then
+  ERASE="yes"
   PROTOCOL=$(($1 - 10))
 fi
 # Protocol $1
@@ -75,29 +70,32 @@ fi
 # 2: DFU
 case $PROTOCOL in
   0)
-    PORT='SWD'
-    MODE='mode=UR'
-    shift 2;;
+    PORT="SWD"
+    MODE="mode=UR"
+    shift 2
+    ;;
   1)
     if [ $# -lt 3 ]; then
       usage 3
     else
       PORT=$3
       shift 3
-    fi;;
+    fi
+    ;;
   2)
-    PORT='USB1'
-    shift 2;;
+    PORT="USB1"
+    shift 2
+    ;;
   *)
     echo "Protocol unknown!"
-    usage 4;;
+    usage 4
+    ;;
 esac
 
 if [ $# -gt 0 ]; then
-  OPTS="$@"
+  OPTS="$*"
 fi
 
-${STM32CP_CLI} -c port=${PORT} ${MODE} ${ERASE} -q -d ${FILEPATH} ${ADDRESS} ${OPTS}
-
-exit 0
+${STM32CP_CLI} -c port=${PORT} ${MODE} ${ERASE:+"-e all"} -q -d "${FILEPATH}" ${ADDRESS} "${OPTS}"
 
+exit $?

macosx/maple_upload → macosx/maple_upload.sh

@@ -3,15 +3,16 @@
 set -e
 
 if [ $# -lt 4 ]; then
-    echo "Usage: $0 $# <dummy_port> <altID> <usbID> <binfile>" >&2
-    exit 1
+  echo "Usage: $0 $# <dummy_port> <altID> <usbID> <binfile>" >&2
+  exit 1
 fi
-dummy_port=$1; altID=$2; usbID=$3; binfile=$4;dummy_port_fullpath="/dev/$1"
-
+altID=$2
+usbID=$3
+binfile=$4
+dummy_port_fullpath="/dev/$1"
 
 # Get the directory where the script is running.
-DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
-
+DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
 
 # -----------------  Old code to reset the USB - which doesn't seem to work --------
 #
@@ -31,32 +32,32 @@ DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
 # You may need to tune this to your system
 # 750ms to 1500ms seems to work on my Mac
 
-${DIR}/upload-reset ${dummy_port_fullpath} 750
+"${DIR}"/upload-reset "${dummy_port_fullpath}" 750
 
 if [ $# -eq 5 ]; then
-    dfuse_addr="--dfuse-address $5"
+  dfuse_addr="--dfuse-address $5"
 else
-    dfuse_addr=""
+  dfuse_addr=""
 fi
 
 #DFU_UTIL=/usr/local/bin/dfu-util
 DFU_UTIL=${DIR}/dfu-util/dfu-util
-if [ ! -x ${DFU_UTIL} ]; then
-    DFU_UTIL=/opt/local/bin/dfu-util
+if [ ! -x "${DFU_UTIL}" ]; then
+  DFU_UTIL=/opt/local/bin/dfu-util
 fi
 
 if [ ! -x ${DFU_UTIL} ]; then
-    echo "$0: error: cannot find ${DFU_UTIL}" >&2
-    exit 2
+  echo "$0: error: cannot find ${DFU_UTIL}" >&2
+  exit 2
 fi
 
-${DFU_UTIL} -d ${usbID} -a ${altID} -D ${binfile} -R ${dfuse_addr} -R
+${DFU_UTIL} -d "${usbID}" -a "${altID}" -D "${binfile}" -R ${dfuse_addr} -R
 
-echo -n Waiting for ${dummy_port_fullpath} serial...
+echo -n Waiting for "${dummy_port_fullpath}" serial...
 
 COUNTER=0
-while [ ! -c ${dummy_port_fullpath} ] && ((COUNTER++ < 40)); do
-    sleep 0.1
+while [ ! -c "${dummy_port_fullpath}" ] && ((COUNTER++ < 40)); do
+  sleep 0.1
 done
 
 echo Done