From c3a67f3d41e24d68619f315e19585fa6007b9a084359effebe7fd231deaeff87 Mon Sep 17 00:00:00 2001
From: "Marc S. Weidner"
Date: Mon, 2 Jun 2025 20:11:58 +0200
Subject: [PATCH] V8.03.256.2025.06.02
Signed-off-by: Marc S. Weidner
---
 README.md | 4 ++--
 lib/lib_sanitizer.sh | 37 ++++++++++++++++++++++++++++---------
 2 files changed, 30 insertions(+), 11 deletions(-)
diff --git a/README.md b/README.md
index 7691c43..9705751 100644
--- a/README.md
+++ b/README.md
@@ -95,7 +95,7 @@ source-defined infrastructure logic.
After build and configuration, the following audit reports can be generated:
-* **Haveged Audit Report**: Validates entropy daemon health and confirms '/dev/random' seeding performance.
+* **Haveged Audit Report**: Validates entropy daemon health and confirms `/dev/random` seeding performance. Type `chkhvg` at the prompt. See example report: **[Haveged Audit Report](/docs/AUDIT_HAVEGED.md)**
 * **Lynis Audit Report**: Outputs a detailed security score and recommendations, confirming a 91%+ hardening baseline. Type `lsadt` at the prompt. See example report: **[Lynis Audit Report](/docs/AUDIT_LYNIS.md)**
@@ -143,7 +143,7 @@ This project adheres strictly to a structured versioning scheme following the pa
 Example: `8.03.256.2025.06.02`
-x.y.z represents major (x), minor (y), and patch (z) version increments.
+`x.y.z` represents major (x), minor (y), and patch (z) version increments.
 Date (YYYY.MM.DD) denotes the build or release date, facilitating clear tracking of incremental changes and ensuring reproducibility and traceability.
diff --git a/lib/lib_sanitizer.sh b/lib/lib_sanitizer.sh
index 968843e..fb641bd 100644
--- a/lib/lib_sanitizer.sh
+++ b/lib/lib_sanitizer.sh
@@ -19,7 +19,7 @@ arg_check() {
 declare a
 declare sanitized_args=()
 for a in "$@"; do
- sanitized_args+=( "$(sanitize_arg "${a}")" )
+ sanitized_args+=("$( sanitize_arg "${a}")")
 done
 set -- "${sanitized_args[@]}"
 }
@@ -33,13 +33,32 @@ arg_check() {
 # $1: Argument to check
 #######################################
 sanitize_arg() {
- declare input="$1"
- # Define allowed characters:
- # letters, digits, dot, underscore, slash, equals, [, ], colon, double-quote, hyphen, space.
+ declare input="${1}"
+ declare disallowed_ctrl=""
+ ### Step 1: Check for control characters
+ if printf '%s' "${input}" | grep -qP '[[:cntrl:]]'; then
+ disallowed_ctrl=$(printf '%s' "${input}" | sed -n 's/[^[:cntrl:]]//gp' | sed $'s/./&\\n/g' \ | while read -r c; do printf "%02X " "'$c"; done)
+ {
+ printf "❌ Control character : '%s'. \n" "${disallowed_ctrl}"
+ printf "❌ in argument : '%s'. \n" "${input}"
+ printf "❌ Allowed Characters : 'a-z A-Z 0-9 . _ / = [ ] : \" - + space' \n"
+ printf "\n"
+ } >> "${LOG_ERROR}"
+ boot_screen_cleaner
+ printf "\e[91m❌ Control character : '%s'. \e[0m\n" "${disallowed_ctrl}" >&2
+ printf "\e[91m❌ in argument : '%s'. \e[0m\n" "${input}" >&2
+ printf "\e[91m❌ Allowed Characters : 'a-z A-Z 0-9 . _ / = [ ] : \" - + space' \e[0m\n" >&2
+ # shellcheck disable=SC2162
+ read -p $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
+ exit "${ERR_INVLD_CHAR}"
+ fi
+
+ ### Step 2: Define allowed characters:
+ ### letters, digits, dot, underscore, slash, equals, [, ], colon, double-quote, hyphen, space.
 declare allowed='a-zA-Z0-9._/=\[\]:"\-+ '
 declare disallowed
 disallowed=$(printf '%s' "${input}" | tr -d "${allowed}")
-
 if [[ -n ${disallowed} ]]; then
 {
 printf "❌ Invalid character : '%s'. \n" "${disallowed//?/& }"
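Review bot: The hex dump built under Step 1 misreports the very characters it is meant to show: `read -r` with the default IFS strips a tab or newline before `printf "%02X " "'$c"` sees it, an embedded newline is consumed as a line separator by `grep`, `sed` and `read` and is therefore never reported (and `grep -qP` does not detect it at all), and `sed -n 's/[^[:cntrl:]]//gp'` prints nothing when the argument consists of control characters only. Both halves work without the pipeline: `if [[ ${input} == *[[:cntrl:]]* ]]; then` for the test and `disallowed_ctrl=$(printf '%s' "${input}" | tr -cd '[:cntrl:]' | od -An -tx1)` for the report, which also reuses the `tr -cd` idiom sanitize_string already relies on. The added `exit "${ERR_INVLD_CHAR}"` only leaves the command-substitution subshell when sanitize_arg is invoked as `"$( sanitize_arg "${a}")"` in the arg_check hunk above, so the caller keeps running with an empty string in place of the rejected argument; returning a status and checking it in arg_check would make the rejection effective. The Step 2 comment still ends with `hyphen, space.` although the set and the error text now include `+` — `### letters, digits, dot, underscore, slash, equals, [, ], colon, double-quote, hyphen, plus, space.` — and the same comment line in the sanitize_string hunk below has the same gap. sanitize_arg's body continues past the end of this hunk.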
@@ -66,9 +85,9 @@ sanitize_arg() {
 #######################################
 sanitize_string() {
 declare input="$1"
- # Define allowed characters:
- # letters, digits, dot, underscore, slash, equals, [, ], colon, double-quote, hyphen, space.
- declare allowed='a-zA-Z0-9._/=\[\]:"\- '
+ ### Define allowed characters:
+ ### letters, digits, dot, underscore, slash, equals, [, ], colon, double-quote, hyphen, space.
+ declare allowed='a-zA-Z0-9._/=\[\]:"\-+ '
 printf '%s' "${input}" | tr -cd "${allowed}"
 }
@@ -79,7 +98,7 @@ sanitize_string() {
 #######################################
 sanitize_shell_literal() {
 declare input="$1"
- # %q quotes the string so that the shell re-reads it as the original literal
+ ### %q quotes the string so that the shell re-reads it as the original literal
 printf '%q' "${input}"
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh