Fix static analysis failures

src/freedombone-utils-onion

@@ -36,9 +36,9 @@ HIDDEN_SERVICE_PATH='/var/lib/tor/hidden_service_'
 
 function add_email_hostname {
     extra_email_hostname="$1"
-    email_hostnames=$(cat /etc/exim4/update-exim4.conf.conf | grep "dc_other_hostnames" | awk -F "'" '{print $2}')
+    email_hostnames=$(grep "dc_other_hostnames" /etc/exim4/update-exim4.conf.conf | awk -F "'" '{print $2}')
     if [[ "$email_hostnames" != *"$extra_email_hostname"* ]]; then
-        sed -i "s|dc_other_hostnames=.*|dc_other_hostnames='$emailhostnames;extra_email_hostname'|g" /etc/exim4/update-exim4.conf.conf
+        sed -i "s|dc_other_hostnames=.*|dc_other_hostnames='$email_hostnames;extra_email_hostname'|g" /etc/exim4/update-exim4.conf.conf
         update-exim4.conf
         dpkg-reconfigure --frontend noninteractive exim4-config
         systemctl restart saslauthd
@@ -54,7 +54,7 @@ function wait_for_onion_service_base {
     onion_service_name="$1"
 
     sleep_ctr=0
-    while [ ! -f ${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname ]; do
+    while [ ! -f "${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname" ]; do
         sleep 1
         sleep_ctr=$((sleep_ctr + 1))
         if [ $sleep_ctr -gt 10 ]; then
@@ -66,12 +66,12 @@ function wait_for_onion_service_base {
 function wait_for_onion_service {
     onion_service_name="$1"
 
-    wait_for_onion_service_base ${onion_service_name}
+    wait_for_onion_service_base "${onion_service_name}"
 
-    if [ ! -f ${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname ]; then
+    if [ ! -f "${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname" ]; then
         # try a second time
         onion_update
-        wait_for_onion_service_base ${onion_service_name}
+        wait_for_onion_service_base "${onion_service_name}"
     fi
     sync
 }
@@ -87,22 +87,22 @@ function remove_onion_service {
     sed -i "/hidden_service_${onion_service_name}/,+1 d" /etc/tor/torrc
     sed -i "/hidden_service_${onion_service_name}_mobile/,+1 d" /etc/tor/torrc
     sed -i "/127.0.0.1:${onion_service_port_to}/d" /etc/tor/torrc
-    if [ $3 ]; then
+    if [ "$3" ]; then
         sed -i "/127.0.0.1:${3}/d" /etc/tor/torrc
-        if [ $4 ]; then
+        if [ "$4" ]; then
             sed -i "/127.0.0.1:${4}/d" /etc/tor/torrc
-            if [ $5 ]; then
+            if [ "$5" ]; then
                 sed -i "/127.0.0.1:${5}/d" /etc/tor/torrc
             fi
         fi
     fi
-    if [ -d ${HIDDEN_SERVICE_PATH}${onion_service_name} ]; then
-        shred -zu ${HIDDEN_SERVICE_PATH}${onion_service_name}/*
-        rm -rf ${HIDDEN_SERVICE_PATH}${onion_service_name}
+    if [ -d "${HIDDEN_SERVICE_PATH}${onion_service_name}" ]; then
+        shred -zu "${HIDDEN_SERVICE_PATH}${onion_service_name}/*"
+        rm -rf "${HIDDEN_SERVICE_PATH}${onion_service_name}"
     fi
-    if [ -d ${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile ]; then
-        shred -zu ${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile/*
-        rm -rf ${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile
+    if [ -d "${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile" ]; then
+        shred -zu "${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile/*"
+        rm -rf "${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile"
     fi
     remove_completion_param "${onion_service_name} onion domain"
     onion_update
@@ -114,8 +114,8 @@ function add_onion_service {
     onion_service_port_to=$3
     onion_stealth_name="$4"
 
-    if [ -f ${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname ]; then
-        echo $(cat ${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname)
+    if [ -f "${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname" ]; then
+        cat "${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname"
         USE_V2_ONION_ADDRESS=
         return
     fi
@@ -143,20 +143,20 @@ function add_onion_service {
     onion_update
 
     function_check wait_for_onion_service
-    wait_for_onion_service ${onion_service_name}
+    wait_for_onion_service "${onion_service_name}"
 
-    if [ ! -f ${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname ]; then
-        ls -lh ${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname
+    if [ ! -f "${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname" ]; then
+        ls -lh "${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname"
         echo $"${onion_service_name} onion site hostname not found"
         exit 763624
     fi
 
-    onion_address=$(cat ${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname)
+    onion_address=$(cat "${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname")
 
     # Record the domain in the completion file
     set_completion_param "${onion_service_name} onion domain" "${onion_address}"
 
-    echo $onion_address
+    echo "$onion_address"
 }
 
 function set_default_onion_domains {
@@ -184,19 +184,19 @@ function create_avahi_onion_domains {
     fi
     if [ $GNUSOCIAL_DOMAIN_NAME ]; then
         function_check create_avahi_service
-        create_avahi_service gnusocial http tcp $GNUSOCIAL_ONION_PORT
+        create_avahi_service gnusocial http tcp "$GNUSOCIAL_ONION_PORT"
     fi
     if [ $HTMLY_DOMAIN_NAME ]; then
         function_check create_avahi_service
-        create_avahi_service blog http tcp $HTMLY_ONION_PORT
+        create_avahi_service blog http tcp "$HTMLY_ONION_PORT"
     fi
     if [ $GIT_DOMAIN_NAME ]; then
         function_check create_avahi_service
-        create_avahi_service git http tcp $GIT_ONION_PORT
+        create_avahi_service git http tcp "$GIT_ONION_PORT"
     fi
     if [ $DOKUWIKI_DOMAIN_NAME ]; then
         function_check create_avahi_service
-        create_avahi_service dokuwiki http tcp $DOKUWIKI_ONION_PORT
+        create_avahi_service dokuwiki http tcp "$DOKUWIKI_ONION_PORT"
     fi
 }
 
@@ -204,16 +204,16 @@ function allow_ssh_to_onion_address {
     if [[ $SYSTEM_TYPE == "mesh"* ]]; then
         return
     fi
-    if [ ! -d /home/$MY_USERNAME/.ssh ]; then
-        mkdir /home/$MY_USERNAME/.ssh
+    if [ ! -d "/home/$MY_USERNAME/.ssh" ]; then
+        mkdir "/home/$MY_USERNAME/.ssh"
     fi
     if [ ! -d /etc/tor ]; then
         echo $'Tor not found when updating ssh'
         exit 528257
     fi
-    if ! grep -q "onion" /home/$MY_USERNAME/.ssh/config; then
-        echo 'Host *.onion' >> /home/$MY_USERNAME/.ssh/config
-        echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> /home/$MY_USERNAME/.ssh/config
+    if ! grep -q "onion" "/home/$MY_USERNAME/.ssh/config"; then
+        echo 'Host *.onion' >> "/home/$MY_USERNAME/.ssh/config"
+        echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> "/home/$MY_USERNAME/.ssh/config"
     fi
 }
 
@@ -225,14 +225,14 @@ function enable_ssh_via_onion {
         return
     fi
     apt-get -yq install tor connect-proxy
-    if ! grep -q 'Host *.onion' /home/$MY_USERNAME/.ssh/config; then
-        if [ ! -d /home/$MY_USERNAME/.ssh ]; then
-            mkdir /home/$MY_USERNAME/.ssh
+    if ! grep -q 'Host *.onion' "/home/$MY_USERNAME/.ssh/config"; then
+        if [ ! -d "/home/$MY_USERNAME/.ssh" ]; then
+            mkdir "/home/$MY_USERNAME/.ssh"
         fi
-        echo 'Host *.onion' >> /home/$MY_USERNAME/.ssh/config
-        echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> /home/$MY_USERNAME/.ssh/config
-        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh
-        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh/config
+        echo 'Host *.onion' >> "/home/$MY_USERNAME/.ssh/config"
+        echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> "/home/$MY_USERNAME/.ssh/config"
+        chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.ssh"
+        chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.ssh/config"
     fi
     if ! grep -q 'Host *.onion' /root/.ssh/config; then
         if [ ! -d /root/.ssh ]; then
@@ -259,7 +259,7 @@ function configure_ssh_onion {
         return
     fi
 
-    SSH_ONION_HOSTNAME=$(add_onion_service ssh ${SSH_PORT} ${SSH_PORT})
+    SSH_ONION_HOSTNAME=$(add_onion_service ssh "${SSH_PORT}" "${SSH_PORT}")
     if [[ "$SSH_ONION_HOSTNAME" != *'.onion' ]]; then
         echo $'ssh onion site not generated'
         exit 624128
@@ -313,9 +313,9 @@ function resolve_dns_via_tor {
 
     # resolve DNS via tor
     if ! grep -q 'DNSPort 53' /etc/tor/torrc; then
-        echo 'DNSPort 53' >> /etc/tor/torrc
-        echo 'AutomapHostsOnResolve 1' >> /etc/tor/torrc
-        echo 'AutomapHostsSuffixes .exit,.onion' >> /etc/tor/torrc
+        { echo 'DNSPort 53';
+          echo 'AutomapHostsOnResolve 1';
+          echo 'AutomapHostsSuffixes .exit,.onion'; } >> /etc/tor/torrc
         onion_update
     fi
 
@@ -361,8 +361,8 @@ function route_outgoing_traffic_through_tor {
 
     # Allow clearnet access for hosts in $_non_tor
     for _clearnet in $_non_tor; do
-        iptables -t nat -A OUTPUT -d $_clearnet -j RETURN
-        iptables -t nat -A PREROUTING -i $_int_if -d $_clearnet -j RETURN
+        iptables -t nat -A OUTPUT -d "$_clearnet" -j RETURN
+        iptables -t nat -A PREROUTING -i $_int_if -d "$_clearnet" -j RETURN
     done
 
     # Redirect all other pre-routing and output to Tor
@@ -375,7 +375,7 @@ function route_outgoing_traffic_through_tor {
 
     # Allow clearnet access for hosts in $_non_tor
     for _clearnet in $_non_tor 127.0.0.0/8; do
-        iptables -A OUTPUT -d $_clearnet -j ACCEPT
+        iptables -A OUTPUT -d "$_clearnet" -j ACCEPT
     done
 
     # Allow only Tor output
@@ -438,9 +438,9 @@ function get_app_onion_address {
     if [ ${#mobilestr} -gt 0 ]; then
         app_name="mobile${app_name}"
     fi
-    if grep -q "${app_name} onion domain" $COMPLETION_FILE; then
-        if grep -q "${app_name} onion domain" $COMPLETION_FILE; then
-            echo $(cat ${COMPLETION_FILE} | grep "${app_name} onion domain" | head -n 1 | awk -F ':' '{print $2}')
+    if grep -q "${app_name} onion domain" "$COMPLETION_FILE"; then
+        if grep -q "${app_name} onion domain" "$COMPLETION_FILE"; then
+            grep "${app_name} onion domain" "${COMPLETION_FILE}" | head -n 1 | awk -F ':' '{print $2}'
             return
         fi
     fi
@@ -521,7 +521,7 @@ function tor_remove_bridge {
 function tor_create_bridge_relay {
     read_config_param 'TOR_BRIDGE_PORT'
     read_config_param 'TOR_BRIDGE_NICKNAME'
-    if [ ! $TOR_BRIDGE_PORT ]; then
+    if [ ! "$TOR_BRIDGE_PORT" ]; then
         return
     fi
     if [ ${#TOR_BRIDGE_PORT} -eq 0 ]; then
@@ -548,11 +548,11 @@ function tor_create_bridge_relay {
     read_config_param 'MY_EMAIL_ADDRESS'
 
     sed -i "s|#ContactInfo.*|ContactInfo $MY_EMAIL_ADDRESS|g" /etc/tor/torrc
-    if [ $TOR_BRIDGE_NICKNAME ]; then
+    if [ "$TOR_BRIDGE_NICKNAME" ]; then
         sed -i "s|#Nickname.*|Nickname $TOR_BRIDGE_NICKNAME|g" /etc/tor/torrc
         sed -i "s|Nickname.*|Nickname $TOR_BRIDGE_NICKNAME|g" /etc/tor/torrc
     fi
-    firewall_add tor_bridge $TOR_BRIDGE_PORT tcp
+    firewall_add tor_bridge "$TOR_BRIDGE_PORT" tcp
     systemctl restart tor
 }
 
@@ -573,7 +573,7 @@ function tor_remove_bridge_relay {
         sed -i "s|Nickname |#Nickname |g" /etc/tor/torrc
     fi
     read_config_param 'TOR_BRIDGE_PORT'
-    firewall_remove $TOR_BRIDGE_PORT tcp
+    firewall_remove "$TOR_BRIDGE_PORT" tcp
     systemctl restart tor
 }