[feat] Add input validation to inputbox whiptail prompts

2025-12-07 09:42:46 +01:00 · 2021-01-12 11:02:33 -05:00
parent 0dc0780e28
commit 5d077d278e
3 changed files with 393 additions and 174 deletions
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -360,18 +360,14 @@ clear_manager() {

 }

-collect_soremote_inputs() {
-	whiptail_create_soremote_user
-	SCMATCH=no
-	while [[ $SCMATCH != yes ]]; do
-		whiptail_create_soremote_user_password1
-		whiptail_create_soremote_user_password2
-		check_soremote_pass
-	done
-}
-
 collect_adminuser_inputs() {
 	whiptail_create_admin_user
+
+	while ! valid_username "$ADMINUSER"; do
+		whiptail_invalid_input
+		whiptail_create_admin_user
+	done
+
 	APMATCH=no
 	while [[ $APMATCH != yes ]]; do
 		whiptail_create_admin_user_password1
@@ -380,8 +376,80 @@ collect_adminuser_inputs() {
 	done
 }

+collect_cur_close_days() {
+	whiptail_cur_close_days
+
+	while ! valid_int "$CURCLOSEDAYS" "1"; do
+		whiptail_invalid_input
+		whiptail_cur_close_days
+	done
+}
+
+collect_dns() {
+	whiptail_management_interface_dns
+
+	while ! valid_dns_list "$MDNS"; do
+		whiptail_invalid_input
+		whiptail_management_interface_dns
+	done
+}
+
+collect_dns_domain() {
+	whiptail_management_interface_dns_search
+
+	while ! valid_fqdn "$MSEARCH"; do
+		whiptail_invalid_input
+		whiptail_management_interface_dns_search
+	done
+}
+
+collect_dockernet() {
+	if whiptail_dockernet_check; then
+		whiptail_dockernet_net
+
+		while ! valid_ip4 "$DOCKERNET"; do
+			whiptail_invalid_input
+			whiptail_dockernet_net
+		done
+	fi
+}
+
+collect_es_cluster_name() {
+	if whiptail_manager_adv_escluster; then
+		whiptail_manager_adv_escluster_name
+
+		while ! valid_string "$ESCLUSTERNAME"; do
+			whiptail_invalid_input
+			whiptail_manager_adv_escluster_name
+		done
+	fi
+}
+
+collect_es_shard_count() {
+	whiptail_shard_count
+
+	while ! valid_int "$SHARDCOUNT"; do
+		whiptail_invalid_input
+		whiptail_shard_count
+	done
+}
+
+collect_es_space_limit() {
+	whiptail_log_size_limit
+
+	while ! valid_int "$log_size_limit" "1"; do # Upper/lower bounds?
+		whiptail_invalid_input
+		whiptail_log_size_limit
+	done
+}
+
 collect_fleet_custom_hostname_inputs() {
 	whiptail_fleet_custom_hostname
+
+	while ! valid_fqdn "$FLEETCUSTOMHOSTNAME" || [[ $FLEETCUSTOMHOSTNAME != "" ]]; do
+		whiptail_invalid_input
+		whiptail_fleet_custom_hostname
+	done
 }

 collect_fleetuser_inputs() {
@@ -408,6 +476,218 @@ collect_fleetuser_inputs() {
 	done
 }

+collect_gateway() {
+	whiptail_management_interface_gateway
+
+	while ! valid_ip4 "$MGATEWAY"; do
+		whiptail_invalid_input
+		whiptail_management_interface_gateway
+	done
+}
+
+collect_helix_key() {
+	whiptail_helix_apikey # validate?
+}
+
+collect_homenet_mngr() {
+	whiptail_homenet_manager
+	
+	while ! __validate_cidr_arr "$HNMANAGER"; do
+		whiptail_invalid_input
+		whiptail_homenet_manager
+	done
+}
+
+collect_homenet_snsr() {
+	if whiptail_homenet_sensor_inherit; then
+		export HNSENSOR=inherit
+	else
+		whiptail_homenet_sensor
+		
+		while ! __validate_cidr_arr "$HNSENSOR"; do
+			whiptail_invalid_input
+			whiptail_homenet_sensor
+		done
+	fi
+}
+
+collect_hostname() {
+	HOSTNAME=$(cat /etc/hostname)
+	if [[ "$HOSTNAME" == *'localhost'* ]]; then HOSTNAME=securityonion; fi
+
+	whiptail_set_hostname
+
+	while ! valid_hostname "$HOSTNAME"; do
+		whiptail_invalid_hostname
+		whiptail_set_hostname
+	done
+}
+
+collect_int_ip_mask() {
+	whiptail_management_interface_ip_mask
+
+	while ! valid_cidr "$manager_ip_mask"; do
+		whiptail_invalid_input
+		whiptail_management_interface_ip_mask
+	done
+
+	MIP=$(echo "$manager_ip_mask" | sed 's/\/.*//' )
+	MMASK=$(echo "$manager_ip_mask" | sed 's/.*\///')
+}
+
+collect_mngr_hostname() {
+	whiptail_management_server
+
+	while ! valid_hostname "$MSRV"; do
+		whiptail_invalid_hostname
+		whiptail_management_server
+	done
+
+	if ! getent hosts "$MSRV"; then
+		add_manager_hostfile
+	else
+		MSRVIP=$(getent hosts "$MSRV" | awk 'NR==1{print $1}')
+	fi
+}
+
+collect_mtu() {
+	whiptail_bond_nics_mtu
+
+	while ! valid_int "$MTU" "68"; do
+		whiptail_invalid_input
+		whiptail_bond_nics_mtu
+	done
+}
+
+collect_node_es_heap() {
+	whiptail_node_es_heap
+
+	while ! valid_int "$NODE_ES_HEAP_SIZE"; do
+		whiptail_invalid_input
+		whiptail_node_es_heap
+	done
+}
+
+collect_node_ls_heap() {
+	whiptail_node_ls_heap
+
+	while ! valid_int "$NODE_LS_HEAP_SIZE"; do
+		whiptail_invalid_input
+		whiptail_node_ls_heap
+	done
+}
+
+collect_node_ls_input() {
+	whiptail_node_ls_input_threads
+	while ! valid_int "$LSINPUTTHREADS"; do
+		whiptail_invalid_input
+		whiptail_node_ls_input_threads
+	done
+}
+
+collect_node_ls_pipeline_batch_size() {
+	whiptail_node_ls_pipline_batchsize
+
+	while ! valid_int "$LSPIPELINEBATCH"; do
+		whiptail_invalid_input
+		whiptail_node_ls_pipline_batchsize
+	done
+}
+
+collect_node_ls_pipeline_worker_count() {
+	whiptail_node_ls_pipeline_worker
+
+	while ! valid_int "$LSPIPELINEWORKERS"; do
+		whiptail_invalid_input
+		whiptail_node_ls_pipeline_worker
+	done
+}
+
+collect_oinkcode() {
+	whiptail_oinkcode
+	while ! valid_string "$OINKCODE" "" "128"; do #TODO: verify max length here
+		whiptail_invalid_input
+		whiptail_oinkcode
+	done
+}
+
+collect_patch_schedule() {
+	whiptail_patch_schedule
+
+	case $patch_schedule in
+		'New Schedule')
+			whiptail_patch_schedule_select_days
+			whiptail_patch_schedule_select_hours
+			collect_patch_schedule_name_new
+			patch_schedule_os_new
+		;;
+		'Import Schedule')
+			collect_patch_schedule_name_import
+		;;
+		'Automatic')
+			PATCHSCHEDULENAME='auto'
+		;;
+		'Manual')
+			PATCHSCHEDULENAME='manual'
+		;;
+	esac
+}
+
+collect_patch_schedule_name_new() {
+	whiptail_patch_name_new_schedule
+
+	while ! valid_string "$PATCHSCHEDULENAME"; do
+		whiptail_invalid_input
+		whiptail_patch_name_new_schedule
+	done
+}
+
+collect_patch_schedule_name_import() {
+	whiptail_patch_schedule_import
+
+	while ! valid_string "$PATCHSCHEDULENAME"; do
+		whiptail_invalid_input
+		whiptail_patch_schedule_import
+	done
+}
+
+collect_redirect_host() {
+	whiptail_set_redirect_host
+
+	while ! valid_ip4 "$REDIRECTHOST" && ! valid_hostname "$REDIRECTHOST" && ! valid_fqdn "$REDIRECTHOST"; do
+		whiptail_invalid_input
+		whiptail_set_redirect_host
+	done
+}
+
+collect_so_allow() {
+	if whiptail_so_allow_yesno; then
+		whiptail_so_allow
+		while ! valid_cidr "$ALLOW_CIDR" && ! valid_ip4 "$ALLOW_CIDR"; do
+			whiptail_invalid_input
+			whiptail_so_allow
+		done
+	fi
+}
+
+collect_soremote_inputs() {
+	whiptail_create_soremote_user
+	SCMATCH=no
+	while [[ $SCMATCH != yes ]]; do
+		whiptail_create_soremote_user_password1
+		whiptail_create_soremote_user_password2
+		check_soremote_pass
+	done
+}
+
+collect_suri() {
+	whiptail_basic_suri
+
+	while ! valid_int "$BASICSURI"; do
+		whiptail_invalid_input
+		whiptail_basic_suri
+	done
+}

 collect_webuser_inputs() {
 	# Get a password for the web admin user
@@ -425,9 +705,9 @@ collect_webuser_inputs() {
 	while [[ $WPMATCH != yes ]]; do
 	    whiptail_create_web_user_password1
 	    while ! check_password "$WEBPASSWD1"; do
-			whiptail_invalid_pass_characters_warning
-			whiptail_create_web_user_password1
-		done
+				whiptail_invalid_pass_characters_warning
+				whiptail_create_web_user_password1
+			done
 		if echo "$WEBPASSWD1" | so-user valpass >> "$setup_log" 2>&1; then
 			whiptail_create_web_user_password2
 			check_web_pass
@@ -437,6 +717,15 @@ collect_webuser_inputs() {
 	done
 }

+collect_zeek() {
+	whiptail_basic_zeek
+
+	while ! valid_int "$BASICZEEK"; do
+		whiptail_invalid_input
+		whiptail_basic_zeek
+	done
+}
+
 configure_minion() {
 	local minion_type=$1
 	echo "Configuring minion type as $minion_type" >> "$setup_log" 2>&1
@@ -1019,7 +1308,7 @@ generate_repo_tarball() {
 get_redirect() {
 	whiptail_set_redirect
 	if [ "$REDIRECTINFO" = "OTHER" ]; then
-		whiptail_set_redirect_host
+		collect_redirect_host
 	fi
 }

@@ -1345,22 +1634,21 @@ network_init() {
 network_init_whiptail() {
 	case "$setup_type" in
 		'iso')
-			whiptail_set_hostname
+			collect_hostname
 			whiptail_management_nic
 			whiptail_dhcp_or_static

 			if [ "$address_type" != 'DHCP' ]; then
-				whiptail_management_interface_ip
-				whiptail_management_interface_mask
-				whiptail_management_interface_gateway
-				whiptail_management_interface_dns
-				whiptail_management_interface_dns_search
+				collect_int_ip_mask
+				collect_gateway
+				collect_dns
+				collect_dns_domain
 			fi
 			;;
 		'network')
 			whiptail_network_notice
 			whiptail_dhcp_warn
-			whiptail_set_hostname
+			collect_hostname
 			whiptail_management_nic
 			;;
 	esac