So, I am reading about injection attacks. Whitelisting (accepting only known-good characters) is better than blacklisting (trying to reject known-bad ones).
Bash supports some regex through the =~ operator inside [[ ]].
The first if checks for a valid file name.
The second checks for a Unix path name and allows spaces, but not "&", ">", "<", or "|". An ampersand in Linux is really bad: if you allow it in certain user inputs and pass it to Bash, it could potentially execute a devastating script that was injected (rm -rf / comes to mind).
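    # File name: letters, digits, ".", "_" and "-" only.
    if ! [[ $4 =~ ^[0-9a-zA-Z._-]+$ ]]; then
        echo "bad file name"
        exit 1    # non-zero status so the caller can see the rejection
    fi

    # Path: the same characters plus "/" and space. The "-" must stay last in
    # the bracket expression, otherwise it is parsed as a range.
    if ! [[ $2 =~ ^[0-9a-zA-Z._/\ -]+$ ]]; then
        echo "suspicious path"
        exit 1
    fi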
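The two checks from this post as reusable Bash functions, as an added example that is not part of the original post. It goes a little further than the post by also rejecting a leading "-" and ".." path components, which the character allowlists alone let through; the function names and every sample input are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names and all sample
# inputs are constructed for illustration.
[ -n "${BASH_VERSION:-}" ] || exec bash "$0" "$@"   # [[ =~ ]] is bash-only
LC_ALL=C   # make a-z / A-Z byte ranges, independent of the user's locale

# Regexes live in variables so the space needs no shell escaping; "-" is
# last in each bracket expression so it is a literal, not a range operator.
name_re='^[0-9a-zA-Z._-]+$'
path_re='^[0-9a-zA-Z._/ -]+$'

valid_filename() {
    local name=$1
    [[ $name =~ $name_re ]] || return 1           # allowlisted characters only
    [[ $name != -* ]] || return 1                 # would be read as an option
    [[ $name != . && $name != .. ]] || return 1   # not a real file name
}

valid_path() {
    local path=$1
    [[ $path =~ $path_re ]] || return 1           # rejects & > < | ; $ ` ...
    [[ $path != -* ]] || return 1
    [[ /$path/ != */../* ]] || return 1           # ".." as a path component
}

# Echoes how many constructed samples got an unexpected verdict (0 = none).
count_mismatches() {
    local n=0 s
    local ok_paths=( "/var/log/my app/report.txt" "backup/2024-01.tar.gz" )
    local bad_paths=( "/tmp/x & echo injected" "/tmp/a|b" "out > /tmp/f"
                      "in < /tmp/f" "../../etc/shadow" "-r /tmp" "" )
    for s in "${ok_paths[@]}"; do
        if ! valid_path "$s"; then n=$((n + 1)); fi
    done
    for s in "${bad_paths[@]}"; do
        if valid_path "$s"; then n=$((n + 1)); fi
    done
    echo "$n"
}

echo "unexpected verdicts: $(count_mismatches)"
```

Even after a value passes these checks, expand it quoted ("$2", "$4") and keep it away from eval, since validation and quoting cover different mistakes.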