From f5180a5e57f36c3b2687f7e3c18a52df03870c57 Mon Sep 17 00:00:00 2001
From: Manuel Friedli <manuel@fritteli.ch>
Date: Tue, 24 Nov 2020 21:15:37 +0100
Subject: [PATCH] Improve parameter validation.

---
 ddos-mitigator.sh | 87 +++++++++++++++++++++++++++--------------------
 1 file changed, 51 insertions(+), 36 deletions(-)

diff --git a/ddos-mitigator.sh b/ddos-mitigator.sh
index abfdf31..adcf837 100755
--- a/ddos-mitigator.sh
+++ b/ddos-mitigator.sh
@@ -256,10 +256,6 @@ function parse_command_line_args() {
 			'')
 				autopilot=1
 				;;
-				#			*[!0-9]*)
-				#				echo "Invalid argument for parameter 'auto': '${2}'. Invoke with --help for help." >&2
-				#				exit 1
-				#				;;
 			*)
 				autopilot="$2"
 				;;
@@ -268,10 +264,6 @@ function parse_command_line_args() {
 			;;
 		'-c' | '--country')
 			IFS=',' read -ra bancountries <<<"${2}"
-			#			if [[ -z ${bancountries[@]// /} ]]; then
-			#				echo "Invalid argument for parameter 'country': '${2}'. Invoke with --help for help." >&2
-			#				exit 1
-			#			fi
 			shift
 			;;
 		'-d' | '--database')
@@ -345,34 +337,6 @@ function parse_command_line_args() {
 }
 
 function validate_parameter_values() {
-	# Autopilot
-	case "${autopilot}" in
-	*[!0-9]*)
-		echo "Invalid value argument for parameter 'auto' / 'AUTOPILOT': '${autopilot}'." >&2
-		echo "Invoke with --help for help." >&2
-		exit 1
-		;;
-	esac
-
-	# Countries
-	if [[ -z ${bancountries[@]// /} ]]; then
-		echo "Invalid argument for parameter 'country' / 'COUNTRIES': '${bancountries[*]}'." >&2
-		echo "Invoke with --help for help." >&2
-		exit 1
-	fi
-
-	# Netmask
-	case "${netmask}" in
-	'8' | '16' | '24' | '32')
-		# Everything OK.
-		;;
-	*)
-		echo "Invalid argument for parameter 'netmask': '${2}'." >&2
-		echo "Invoke with --help for help." >&2
-		exit 1
-		;;
-	esac
-
 	# GeoIP-Database
 	if [[ -z "${database}" ]]; then
 		echo "No GeoIP database specified. Invoke with --help for more information." >&2
@@ -383,6 +347,57 @@ function validate_parameter_values() {
 		echo "Database '${database}' is not accessible." >&2
 		exit 1
 	fi
+
+	# Autopilot
+	case "${autopilot}" in
+	*[!0-9]*)
+		echo "Invalid value for parameter 'auto' / 'AUTOPILOT': '${autopilot}'." >&2
+		echo "Invoke with --help for help." >&2
+		exit 1
+		;;
+	esac
+
+	# Countries
+	if [[ -z ${bancountries[@]// /} ]]; then
+		echo "Invalid value for parameter 'country' / 'COUNTRIES': '${bancountries[*]}'." >&2
+		echo "Invoke with --help for help." >&2
+		exit 1
+	fi
+
+	# Jail
+	if [[ -z "${jail}" ]]; then
+		echo "Invalid value for parameter 'jail' / 'JAIL': '${jail}'." >&2
+		echo "Invoke with --help for help." >&2
+		exit 1
+	fi
+
+	# Netmask
+	case "${netmask}" in
+	'0' | '8' | '16' | '24' | '32')
+		# Everything OK.
+		;;
+	*)
+		echo "Invalid value for parameter 'netmask': '${2}'." >&2
+		echo "Invoke with --help for help." >&2
+		exit 1
+		;;
+	esac
+
+	# Port
+	case "${port}" in
+	*[!0-9]*)
+		echo "Invalid value for parameter 'port' / 'PORT': '${autopilot}'." >&2
+		echo "Invoke with --help for help." >&2
+		exit 1
+		;;
+	esac
+	if [[ ${port} -lt 0 || ${port} -gt 65535 ]]; then
+		echo "Invalid value for parameter 'port' / 'PORT': '${autopilot}'." >&2
+		echo "Value must be between 0 ... 65535 (inclusive)." >&2
+		echo "Invoke with --help for help." >&2
+		exit 1
+		;;
+	fi
 }
 
 ################################################################################