Everbrent/cis
8
0
Fork 0
mirror of https://github.com/m8tin/cis.git synced 2026-06-02 14:56:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

allow @ in parameters and sanitize all parameters using base.set

Browse Source
This commit is contained in:
m8in
2026-05-20 23:55:46 +02:00
parent bd76357b1d
commit c83fa7eae2
6 changed files with 35 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files
core/addAndCheckGitRepository.sh
+10 -6
View File
@@ -1,11 +1,12 @@
#!/bin/bash #!/bin/bash
source /cis/core/base.module.sh
#WARNING: Used for core functionality in setup.sh #WARNING: Used for core functionality in setup.sh
# DO NOT rename the script and test changes well! # DO NOT rename the script and test changes well!
function checkPermissions(){ function checkPermissions() {
local _FOLDER _RIGHTS local _FOLDER _RIGHTS
_FOLDER="${1:?"Missing first parameter FOLDER"}" _FOLDER="${1:?"Missing first parameter FOLDER"}"
_RIGHTS="${2:?"Missing second parameter RIGHTS"}" _RIGHTS="${2:?"Missing second parameter RIGHTS"}"
@@ -27,7 +28,7 @@ function checkPermissions(){
return 1 return 1
} }
function cloneOrPull { function cloneOrPull() {
local _FOLDER _REPOSITORY local _FOLDER _REPOSITORY
_FOLDER="${1:?"Missing first parameter FOLDER"}" _FOLDER="${1:?"Missing first parameter FOLDER"}"
_REPOSITORY="${2:?"Missing second parameter REPOSITORY"}" _REPOSITORY="${2:?"Missing second parameter REPOSITORY"}"
@@ -47,7 +48,7 @@ function cloneOrPull {
return 1 return 1
} }
function printRepository(){ function printRepository() {
local _FOLDER _CONFIGURED_REPOSITORY _SUGGESTED_REPOSITORY local _FOLDER _CONFIGURED_REPOSITORY _SUGGESTED_REPOSITORY
_FOLDER="${1:?"Missing first parameter FOLDER"}" _FOLDER="${1:?"Missing first parameter FOLDER"}"
_CONFIGURED_REPOSITORY="$(git -C "${_FOLDER:?"Missing FOLDER"}" config --get remote.origin.url 2> /dev/null)" _CONFIGURED_REPOSITORY="$(git -C "${_FOLDER:?"Missing FOLDER"}" config --get remote.origin.url 2> /dev/null)"
@@ -98,10 +99,13 @@ function addAndCheckGitRepository() {
} }
# sanitizes all parameters # sanitizes all parameters
base.set FOLDER "${1}" '^[-a-zA-Z0-9/:@._]*$' || exit 1
base.set RIGHTS "${2}" '^[-a-zA-Z0-9/:@._]*$' || exit 1
base.set SUGGESTED_REPOSITORY "${3}" '^([-a-zA-Z0-9/:@._]*)?$' || exit 1
addAndCheckGitRepository \ addAndCheckGitRepository \
"$(echo ${1} | sed -E 's|[^a-zA-Z0-9/:@._-]*||g')" \ "${FOLDER:?"Missing FOLDER"}" \
"$(echo ${2} | sed -E 's|[^a-zA-Z0-9/:@._-]*||g')" \ "${RIGHTS:?"Missing RIGHTS"}" \
"$(echo ${3} | sed -E 's|[^a-zA-Z0-9/:@._-]*||g')" \ "${SUGGESTED_REPOSITORY}" \
&& exit 0 && exit 0
exit 1 exit 1
core/addNormalUser.sh
+3 -1
View File
@@ -1,4 +1,5 @@
#!/bin/bash #!/bin/bash
source /cis/core/base.module.sh
#WARNING: Used for core functionality in setup.sh #WARNING: Used for core functionality in setup.sh
# DO NOT rename the script and test changes well! # DO NOT rename the script and test changes well!
@@ -36,7 +37,8 @@ function addNormalUser() {
} }
# sanitizes all parameters # sanitizes all parameters
addNormalUser "$(echo ${1} | sed -E 's|[^a-zA-Z0-9/:@._-]*||g')" \ base.set USER "${1}" '^[a-z][-a-z0-9_.]*$' || exit 1
addNormalUser "${USER:?"Missing USER"}" \
&& exit 0 && exit 0
exit 1 exit 1
core/addToCrontabEveryHour.sh
+7 -8
View File
@@ -1,14 +1,11 @@
#!/bin/bash #!/bin/bash
source /cis/core/base.module.sh
#WARNING: Used for core functionality in setup.sh #WARNING: Used for core functionality in setup.sh
# DO NOT rename the script and test changes well! # DO NOT rename the script and test changes well!
# Folders always ends with an tailing '/'
_SCRIPT="$(readlink -f "${0}" 2> /dev/null)"
_CIS_ROOT="${_SCRIPT%%/core/*}/" #Removes longest matching pattern '/core/*' from the end
# Note that an unprivileged user can use this script successfully, # Note that an unprivileged user can use this script successfully,
# if no user has to be added to the host because it already exists. # if no user has to be added to the host because it already exists.
function addToCrontabEveryHour() { function addToCrontabEveryHour() {
@@ -24,11 +21,11 @@ function addToCrontabEveryHour() {
&& return 0 && return 0
[ "$(id -u)" == "0" ] \ [ "$(id -u)" == "0" ] \
&& echo "${_CIS_ROOT:?"Missing CIS_ROOT"}" | grep -F 'home' &> /dev/null \ && echo "${CIS[ROOT]:?"Missing CIS_ROOT"}" | grep -F 'home' &> /dev/null \
&& echo "SUCCESS: Although the entry will be skipped: ("$(readlink -f ${0})")" \ && echo "SUCCESS: Although the entry will be skipped: ("$(readlink -f ${0})")" \
&& echo " - '${_STRING}'" \ && echo " - '${_STRING}'" \
&& echo " that is because the current environment is:" \ && echo " that is because the current environment is:" \
&& echo " - ${_CIS_ROOT}" \ && echo " - ${CIS[ROOT]}" \
&& return 0 && return 0
[ "$(id -u)" == "0" ] \ [ "$(id -u)" == "0" ] \
@@ -47,9 +44,11 @@ function addToCrontabEveryHour() {
} }
# sanitizes all parameters # sanitizes all parameters
base.set COMMAND "${1}" '^[-a-zA-Z0-9/:@._]*$' || exit 1
base.set MINUTE_VALUE "${2}" '^[-a-zA-Z0-9/:@._]*$' || exit 1
addToCrontabEveryHour \ addToCrontabEveryHour \
"$(echo ${1} | sed -E 's|[^a-zA-Z0-9/:@._-]*||g')" \ "${COMMAND:?"Missing COMMAND"}" \
"$(echo ${2} | sed -E 's|[^a-zA-Z0-9/:@._-]*||g')" \ "${MINUTE_VALUE:?"Missing MINUTE_VALUE"}" \
&& exit 0 && exit 0
exit 1 exit 1
core/base.module.sh
+1 -1
View File
@@ -14,7 +14,7 @@
function base.checkAllInputParameters() { function base.checkAllInputParameters() {
local _ALLOWED_CHARS _ARG _SUCCESS local _ALLOWED_CHARS _ARG _SUCCESS
# Global whitelist for all start-parameters ($1, $2, ...) # Global whitelist for all start-parameters ($1, $2, ...)
_ALLOWED_CHARS='-[:alnum:]/_.:' _ALLOWED_CHARS='-[:alnum:]@/_.:'
readonly _ALLOWED_CHARS readonly _ALLOWED_CHARS
_SUCCESS="true" _SUCCESS="true"
core/defineAuthorizedKeysOfUser.sh
+7 -2
View File
@@ -1,8 +1,11 @@
#!/bin/bash #!/bin/bash
source /cis/core/base.module.sh
#WARNING: Used for core functionality in setup.sh #WARNING: Used for core functionality in setup.sh
# DO NOT rename the script and test changes well! # DO NOT rename the script and test changes well!
function prepareFolder() { function prepareFolder() {
local _HOME_FOLDER _SSH_FOLDER _USER local _HOME_FOLDER _SSH_FOLDER _USER
_SSH_FOLDER="${1:?"prepareFolder(): Missing parameter SSH_PATH"}" _SSH_FOLDER="${1:?"prepareFolder(): Missing parameter SSH_PATH"}"
@@ -133,9 +136,11 @@ function defineAuthorizedKeysOfUser() {
} }
# sanitizes all parameters # sanitizes all parameters
base.set DEFINITIONS "${1}" '^[-a-zA-Z0-9/:@._]*$' || exit 1
base.set USER "${2}" '^[-a-zA-Z0-9/:@._]*$' || exit 1
defineAuthorizedKeysOfUser \ defineAuthorizedKeysOfUser \
"$(echo ${1} | sed -E 's|[^a-zA-Z0-9/:@._-]*||g')" \ "${DEFINITIONS:?"Missing DEFINITIONS"}" \
"$(echo ${2} | sed -E 's|[^a-zA-Z0-9/:@._-]*||g')" \ "${USER:?"Missing USER"}" \
&& exit 0 && exit 0
exit 1 exit 1
core/ensureUsageOfDefinitions.sh
+7 -2
View File
@@ -1,8 +1,11 @@
#!/bin/bash #!/bin/bash
source /cis/core/base.module.sh
#WARNING: Used for core functionality in setup.sh #WARNING: Used for core functionality in setup.sh
# DO NOT rename the script and test changes well! # DO NOT rename the script and test changes well!
function printIfEqual() { function printIfEqual() {
[ "${1:?"Missing first parameter"}" == "${2}" ] \ [ "${1:?"Missing first parameter"}" == "${2}" ] \
&& echo "${1}" \ && echo "${1}" \
@@ -215,9 +218,11 @@ function ensureUsageOfDefinitions() {
} }
# sanitizes all parameters # sanitizes all parameters
base.set DEFINITIONS "${1}" '^[-a-zA-Z0-9/:@._]*$' || exit 1
base.set CURRENT_FULLFILE "${2}" '^[-a-zA-Z0-9/:@._]*$' || exit 1
ensureUsageOfDefinitions \ ensureUsageOfDefinitions \
"$(echo ${1} | sed -E 's|[^a-zA-Z0-9/:@._-]*||g')" \ "${DEFINITIONS:?"Missing DEFINITIONS"}" \
"$(echo ${2} | sed -E 's|[^a-zA-Z0-9/:@._-]*||g')" \ "${CURRENT_FULLFILE:?"Missing CURRENT_FULLFILE"}" \
&& exit 0 && exit 0
exit 1 exit 1