V8.02.512.2025.05.30

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-05-30 00:28:39 +02:00
parent 2680012395
commit b2282d3475
172 changed files with 14057 additions and 41 deletions
--- a/lib/lib_sanitizer.sh
+++ b/lib/lib_sanitizer.sh
@@ -0,0 +1,85 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024–2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
+
+#######################################
+# Argument Check Wrapper
+# Arguments:
+#   $1: "$@" of ./ciss_live_builder.sh
+#######################################
+arg_check() {
+  declare a
+  declare sanitized_args=()
+  for a in "$@"; do
+    sanitized_args+=( "$(sanitize_arg "${a}")" )
+  done
+  set -- "${sanitized_args[@]}"
+}
+
+#######################################
+# Function to sanitize a single argument
+# Globals:
+#   ERROR_LOG
+#   ERR_INVLD_CHAR
+# Arguments:
+#   $1: Argument to check
+#######################################
+sanitize_arg() {
+  declare input="$1"
+  # Define allowed characters:
+  # letters, digits, dot, underscore, slash, equals, [, ], colon, double-quote, hyphen, space.
+  declare allowed='a-zA-Z0-9._/=\[\]:"\- '
+  declare disallowed
+  disallowed=$(printf '%s' "${input}" | tr -d "${allowed}")
+
+  if [[ -n ${disallowed} ]]; then
+    {
+      printf "❌ Invalid character   : '%s'. \n" "${disallowed//?/& }"
+      printf "❌         in argument : '%s'. \n" "${input}"
+      printf "❌ Allowed Characters  : 'a-z A-Z 0-9 . _ / = [ ] : \" - ' \n"
+      printf "\n"
+    } >> "${ERROR_LOG}"
+    boot_screen_cleaner
+    printf "\e[91m❌ Invalid character   : '%s'. \e[0m\n" "${disallowed//?/& }" >&2
+    printf "\e[91m❌         in argument : '%s'. \e[0m\n" "${input}" >&2
+    printf "\e[91m❌ Allowed Characters  : 'a-z A-Z 0-9 . _ / = [ ] : \" - ' \e[0m\n" >&2
+    # shellcheck disable=SC2162
+    read -p  $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
+    exit "${ERR_INVLD_CHAR}"
+  else
+    printf '%s' "${input}"
+  fi
+}
+
+#######################################
+# Function to remove any character not in the allowed set
+# Arguments:
+#   $1: String to Sanitize
+#######################################
+sanitize_string() {
+  declare input="$1"
+  # Define allowed characters:
+  # letters, digits, dot, underscore, slash, equals, [, ], colon, double-quote, hyphen, space.
+  declare allowed='a-zA-Z0-9._/=\[\]:"\- '
+  printf '%s' "${input}" | tr -cd "${allowed}"
+}
+
+#######################################
+# Function to escape all shell metacharacters
+# Arguments:
+#   $1: String to Sanitize
+#######################################
+sanitize_shell_literal() {
+  declare input="$1"
+  # %q quotes the string so that the shell re-reads it as the original literal
+  printf '%q' "${input}"
+}
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh