sosetup: improve input validation for email address #693

bin/sosetup

@@ -319,14 +319,14 @@ if [ $SERVER -eq 1 ] && [ "$SNORBY_ENABLED" == "yes" ]; then
 		TEXT="What is your email address?\r\rThis will be used when logging into Snorby."
 		SNORBY_EMAIL=`zenity --title="$TITLE" --text="$TEXT" --entry`
 		[ x$SNORBY_EMAIL = "x" ] && exit
-		if [[ "$SNORBY_EMAIL" != *?"@"?*.?* ]] ; then 
+		if [[ "$SNORBY_EMAIL" == *?"@"?*.?*[[:alpha:]] ]] ; then 
+			EMAIL_CONFIRMED="yes"
+			SNORBY_USER_CONFIRM="- Create a Snorby user named $SNORBY_EMAIL. \n"
+		else
 			zenity --error --text="Invalid email address\! \r \
 \r \
 Please ensure your email address is of the form: \r \
 [email protected]"
-		else
-			EMAIL_CONFIRMED="yes"
-			SNORBY_USER_CONFIRM="- Create a Snorby user named $SNORBY_EMAIL. \n"
 		fi
 	done
 fi

debian/changelog

@@ -1,3 +1,9 @@
+securityonion-setup (20120912-0ubuntu0securityonion145) precise; urgency=low
+
+  * sosetup: improve input validation for email address #693 
+
+ -- Doug Burks <[email protected]>  Sat, 04 Jul 2015 15:12:17 -0400
+
 securityonion-setup (20120912-0ubuntu0securityonion144) precise; urgency=low
 
   * Issue 769: Setup: allow user to enable/disable Snorby 

debian/patches/series

@@ -143,3 +143,4 @@ another-speed-improvement
 Issue-744:-sosetup:-Restart-Apache-to-activate-new-ELSA-apikey
 sosetup:-fix-typo-in-sosetup.conf-#764
 Issue-769:-Setup:-allow-user-to-enabledisable-Snorby
+sosetup:-improve-input-validation-for-email-address-#693

debian/patches/sosetup:-improve-input-validation-for-email-address-#693

@@ -0,0 +1,46 @@
+Description: <short summary of the patch>
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ securityonion-setup (20120912-0ubuntu0securityonion145) precise; urgency=low
+ .
+   * sosetup: improve input validation for email address #693
+Author: Doug Burks <[email protected]>
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: <vendor|upstream|other>, <url of original patch>
+Bug: <url in upstream bugtracker>
+Bug-Debian: http://bugs.debian.org/<bugnumber>
+Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
+Forwarded: <no|not-needed|url proving that it has been forwarded>
+Reviewed-By: <name and email of someone who approved the patch>
+Last-Update: <YYYY-MM-DD>
+
+--- securityonion-setup-20120912.orig/bin/sosetup
++++ securityonion-setup-20120912/bin/sosetup
+@@ -319,14 +319,14 @@ if [ $SERVER -eq 1 ] && [ "$SNORBY_ENABL
+ 		TEXT="What is your email address?\r\rThis will be used when logging into Snorby."
+ 		SNORBY_EMAIL=`zenity --title="$TITLE" --text="$TEXT" --entry`
+ 		[ x$SNORBY_EMAIL = "x" ] && exit
+-		if [[ "$SNORBY_EMAIL" != *?"@"?*.?* ]] ; then 
++		if [[ "$SNORBY_EMAIL" == *?"@"?*.?*[[:alpha:]] ]] ; then 
++			EMAIL_CONFIRMED="yes"
++			SNORBY_USER_CONFIRM="- Create a Snorby user named $SNORBY_EMAIL. \n"
++		else
+ 			zenity --error --text="Invalid email address\! \r \
+ \r \
+ Please ensure your email address is of the form: \r \
+ [email protected]"
+-		else
+-			EMAIL_CONFIRMED="yes"
+-			SNORBY_USER_CONFIRM="- Create a Snorby user named $SNORBY_EMAIL. \n"
+ 		fi
+ 	done
+ fi