LotusGuild/proxDoc
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add input validation with whitelist of valid options

Browse Source 
Implement strict input validation using a whitelist approach.
Only accept options that match the expected pattern and are in
the approved list. This prevents injection attacks and invalid
inputs from being processed.

#16

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Jared Vititoe
2026-02-05 10:45:19 -05:00
parent c25e3ccc76
commit c8fadf924b
1 changed files with 43 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
proxDoc.sh
View File

@@ -468,6 +468,15 @@ get_hwmon_status() {
fi fi
} }
run_selective_checks() {
local checks="$1"
if [[ -z "$checks" ]]; then
log_message error "No checks specified. Use --checks=cpu,ram,disk"
exit 1
fi
log_message info "Selective checks not yet implemented"
}
quick_health_check() { quick_health_check() {
echo -e "\n${GREEN}=== Quick Health Check ===${NC}" echo -e "\n${GREEN}=== Quick Health Check ===${NC}"
echo -e "Running quick health assessment...\n" echo -e "Running quick health assessment...\n"
@@ -653,8 +662,40 @@ runDiags() {
log_message info "Examination complete" log_message info "Examination complete"
} }
# Whitelist of valid command options
readonly VALID_OPTIONS="--help --diags --quick --drives --ceph --node-exporter --hwmon --services --vm-list --ct-list --backup --checks"
validate_input() {
local input="$1"
# Check if input matches valid option pattern (starts with -- and contains only alphanumeric, hyphens, equals, commas)
if [[ ! "$input" =~ ^--[a-z][-a-z=,]*$ ]]; then
return 1
fi
# Extract the option name (before any = sign)
local opt_name="${input%%=*}"
# Check against whitelist
if [[ ! " $VALID_OPTIONS " =~ " $opt_name " ]]; then
return 1
fi
return 0
}
checkForInput() { checkForInput() {
case $1 in local input="$1"
# Validate input against whitelist
if ! validate_input "$input"; then
echo -e "${RED}Invalid option: $input${NC}"
echo -e "Use --help to see available options."
exit 1
fi
# Extract option name and value for --checks=X pattern
local opt_name="${input%%=*}"
local opt_value="${input#*=}"
[[ "$opt_name" == "$opt_value" ]] && opt_value=""
case "$opt_name" in
--help) help ;; --help) help ;;
--diags) check_requirements; runDiags ;; --diags) check_requirements; runDiags ;;
--quick) quick_health_check ;; --quick) quick_health_check ;;
@@ -666,7 +707,7 @@ checkForInput() {
--vm-list) list_vms ;; --vm-list) list_vms ;;
--ct-list) list_containers ;; --ct-list) list_containers ;;
--backup) echo -e "${GREEN}Backup Status:${NC}"; pvesm status 2>/dev/null || log_message warn "pvesm not available" ;; --backup) echo -e "${GREEN}Backup Status:${NC}"; pvesm status 2>/dev/null || log_message warn "pvesm not available" ;;
*) echo -e "${RED}Invalid option: $1${NC}"; help ;; --checks) run_selective_checks "$opt_value" ;;
esac esac
} }