[feat] Add input validation to inputbox whiptail prompts

2026-02-23 07:25:31 +01:00 · 2021-01-12 11:02:33 -05:00
parent 0dc0780e28
commit 5d077d278e
3 changed files with 393 additions and 174 deletions
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -75,7 +75,6 @@ whiptail_bond_nics_mtu() {

 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
-
 }

 whiptail_cancel() {
@@ -120,6 +119,8 @@ whiptail_create_admin_user() {
 	ADMINUSER=$(whiptail --title "Security Onion Install" --inputbox \
 	"Please enter a username for a new system admin user: \nThe local onion account will be disabled during this install" 10 60 3>&1 1>&2 2>&3)

+	local exitstatus=$?
+	whiptail_check_exitstatus $exitstatus
 }

 whiptail_create_admin_user_password1() {
@@ -300,20 +301,6 @@ whiptail_storage_requirements() {
 	whiptail_check_exitstatus $exitstatus
 }

-whiptail_invalid_pass_warning() {
-
-	[ -n "$TESTING" ] && return
-
-	whiptail --title "Security Onion Setup" --msgbox "Please choose a more secure password." 8 75
-}
-
-whiptail_invalid_pass_characters_warning() {
-
-	[ -n "$TESTING" ] && return
-
-	whiptail --title "Security Onion Setup" --msgbox "Password is invalid. Please exclude single quotes, double quotes, dollar signs, and backslashes from the password." 8 75
-}
-
 whiptail_cur_close_days() {

 	[ -n "$TESTING" ] && return
@@ -391,11 +378,6 @@ whiptail_dockernet_check(){
 	whiptail --title "Security Onion Setup" --yesno \
 	"Do you want to keep the default Docker IP range? \n \n(Choose yes if you don't know what this means)" 10 75

-	local exitstatus=$?
-
-	if [[ $exitstatus == 1 ]]; then
-	whiptail_dockernet_net
-	fi
 }

 whiptail_dockernet_net() {
@@ -495,32 +477,29 @@ whiptail_homenet_manager() {
 	[ -n "$TESTING" ] && return

 	HNMANAGER=$(whiptail --title "Security Onion Setup" --inputbox \
-	"Enter your HOME_NET, separating CIDR blocks with a comma (,):" 10 75 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 3>&1 1>&2 2>&3)
+		"Enter your HOME_NET, separating CIDR blocks with a comma (,):" 10 75 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 3>&1 1>&2 2>&3)
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus

 	export HNMANAGER
 }

-whiptail_homenet_sensor() {
-
+whiptail_homenet_sensor_inherit() {
 	[ -n "$TESTING" ] && return

 	# Ask to inherit from manager
 	whiptail --title "Security Onion Setup" --yesno "Do you want to inherit the HOME_NET from the Manager?" 8 75
+}

-	local exitstatus=$?
+whiptail_homenet_sensor() {
+	[ -n "$TESTING" ] && return

-	if [ $exitstatus == 0 ]; then
-		export HNSENSOR=inherit
-	else
-		HNSENSOR=$(whiptail --title "Security Onion Setup" --inputbox \
+	HNSENSOR=$(whiptail --title "Security Onion Setup" --inputbox \
 		"Enter your HOME_NET, separating CIDR blocks with a comma (,):" 10 75 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 3>&1 1>&2 2>&3)
-		local exitstatus=$?
-		whiptail_check_exitstatus $exitstatus
+	local exitstatus=$?
+	whiptail_check_exitstatus $exitstatus

-		export HNSENSOR
-	fi
+	export HNSENSOR
 }

 whiptail_install_type() {
@@ -602,6 +581,13 @@ whiptail_install_type_other() {
 	export install_type
 }

+whiptail_invalid_input() { # TODO: This should accept a list of arguments to specify what general pattern the input should follow
+	[ -n "$TESTING" ] && return
+	
+	whiptail --title "Security Onion Setup" --msgbox "Invalid input, please try again." 8 75
+
+}
+
 whiptail_invalid_pass_characters_warning() {

 	[ -n "$TESTING" ] && return
@@ -623,6 +609,18 @@ whiptail_invalid_user_warning() {
 	whiptail --title "Security Onion Setup" --msgbox "Please enter a valid email address." 8 75
 }

+whiptail_invalid_hostname() {
+	[ -n "$TESTING" ] && return
+
+	local error_message
+	error_message=$(echo "Please choose a valid hostname. It cannot be localhost; and must contain only \
+		the ASCII letters 'A-Z' and 'a-z' (case-sensitive), the digits '0' through '9', \
+		and hyphen ('-')" | tr -d '\t')
+
+	whiptail --title "Security Onion Setup" \
+	--msgbox "$error_message" 10 75
+}
+
 whiptail_log_size_limit() {

 	[ -n "$TESTING" ] && return
@@ -692,6 +690,16 @@ whiptail_management_interface_gateway() {
 	whiptail_check_exitstatus $exitstatus
 }

+whiptail_management_interface_ip_mask() {
+	[ -n "$TESTING" ] && return
+
+	manager_ip_mask=$(whiptail --title "Security Onion Setup" --inputbox \
+		"Enter your IP address (with CIDR mask):" 10 60 3>&1 1>&2 2>&3)
+
+	local exitstatus=$?
+	whiptail_check_exitstatus $exitstatus
+}
+
 whiptail_management_interface_ip() {

 	[ -n "$TESTING" ] && return
@@ -781,7 +789,6 @@ whiptail_net_setup_complete() {
 	exit 0
 }

-
 whiptail_management_server() {

 	[ -n "$TESTING" ] && return
@@ -792,28 +799,6 @@ whiptail_management_server() {
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus

-	while [[ $MSRV == *'localhost'* || ! ( $MSRV =~ ^[a-zA-Z0-9\-]*$ ) ]] ; do
-		local error_message
-		error_message=$(echo "Please choose a valid hostname. It cannot contain localhost; and must contain only \
-			the ASCII letters 'A-Z' and 'a-z' (case-sensitive), the digits '0' through '9', \
-			and hyphen ('-')" | tr -d '\t')
-
-		whiptail --title "Security Onion Setup" \
-		--msgbox "$error_message" 10 75
-
-		MSRV=$(whiptail --title "Security Onion Setup" --inputbox \
-		"Enter your Manager Server hostname. It is CASE SENSITIVE!" 10 75 XXXX 3>&1 1>&2 2>&3)
-
-		local exitstatus=$?
-		whiptail_check_exitstatus $exitstatus
-	done
-
-	if ! getent hosts "$MSRV"; then
-		add_manager_hostfile
-	else
-		MSRVIP=$(getent hosts "$MSRV" | awk 'NR==1{print $1}')
-	fi
-
 }

 # Ask if you want to do advanced setup of the Manager
@@ -839,11 +824,6 @@ whiptail_manager_adv_escluster(){
 	whiptail --title "Security Onion Setup" --yesno \
 	"Do you want to set up a traditional ES cluster for using replicas and/or Hot-Warm indices? Recommended only for those who have experience with ES clustering! " 12 75

-	local exitstatus=$?
-
-	if [[ $exitstatus == 0 ]]; then
-	whiptail_manager_adv_escluster_name
-	fi
 }

 # Get a cluster name
@@ -1012,24 +992,24 @@ whiptail_node_ls_heap() {

 }

-whiptail_node_ls_pipeline_worker() {
+whiptail_node_ls_pipline_batchsize() {

 	[ -n "$TESTING" ] && return

-	LSPIPELINEWORKERS=$(whiptail --title "Security Onion Setup" --inputbox \
-	"\nEnter LogStash Pipeline Workers: \n \n(Recommended value is pre-populated)" 10 75 "$num_cpu_cores" 3>&1 1>&2 2>&3)
+	LSPIPELINEBATCH=$(whiptail --title "Security Onion Setup" --inputbox \
+	"\nEnter Logstash pipeline batch size: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3)

 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus

 }

-whiptail_node_ls_pipline_batchsize() {
+whiptail_node_ls_pipeline_worker() {

 	[ -n "$TESTING" ] && return

-	LSPIPELINEBATCH=$(whiptail --title "Security Onion Setup" --inputbox \
-	"\nEnter LogStash Pipeline Batch Size: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3)
+	LSPIPELINEWORKERS=$(whiptail --title "Security Onion Setup" --inputbox \
+	"\nEnter number of Logstash pipeline workers: \n \n(Recommended value is pre-populated)" 10 75 "$num_cpu_cores" 3>&1 1>&2 2>&3)

 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
@@ -1041,7 +1021,7 @@ whiptail_node_ls_input_threads() {
 	[ -n "$TESTING" ] && return

 	LSINPUTTHREADS=$(whiptail --title "Security Onion Setup" --inputbox \
-		"\nEnter LogStash Input Threads: \n \n(Default value is pre-populated)" 10 75 1 3>&1 1>&2 2>&3)
+		"\nEnter number of Logstash input threads: \n \n(Default value is pre-populated)" 10 75 1 3>&1 1>&2 2>&3)

 		local exitstatus=$?
 		whiptail_check_exitstatus $exitstatus
@@ -1078,16 +1058,6 @@ whiptail_patch_name_new_schedule() {

 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
-
-	while [[ -z "$PATCHSCHEDULENAME"  ]]; do
-		whiptail --title "Security Onion Setup" --msgbox "Please enter a name for this OS patch schedule." 8 75
-		PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \
-		"What name do you want to give this OS patch schedule? This schedule needs to be named uniquely. Available schedules can be found on the manager under /opt/so/salt/patch/os/schedules/<schedulename>.yml" 10 75 3>&1 1>&2 2>&3)
-		local exitstatus=$?
-		whiptail_check_exitstatus $exitstatus
-	done
-
-
 }

 whiptail_patch_schedule() {
@@ -1104,27 +1074,6 @@ whiptail_patch_schedule() {

 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
-
-
-	case $patch_schedule in
-	'New Schedule')
-		whiptail_patch_schedule_select_days
-		whiptail_patch_schedule_select_hours
-		whiptail_patch_name_new_schedule
-		patch_schedule_os_new
-		;;
-	'Import Schedule')
-		whiptail_patch_schedule_import
-		;;
-	'Automatic')
-		PATCHSCHEDULENAME='auto'
-		;;
-	'Manual')
-		PATCHSCHEDULENAME='manual'
-		;;
-	esac
-
-
 }

 whiptail_patch_schedule_import() {
@@ -1304,32 +1253,11 @@ whiptail_set_hostname() {

 	[ -n "$TESTING" ] && return

-	HOSTNAME=$(cat /etc/hostname)
-
-	if [[ "$HOSTNAME" == *'localhost'* ]]; then HOSTNAME=securityonion; fi
-
 	HOSTNAME=$(whiptail --title "Security Onion Setup" --inputbox \
-	"Enter the hostname (not FQDN) you would like to set:" 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3)
+		"Enter the hostname (not FQDN) you would like to set:" 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3)

 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
-
-	while [[ $HOSTNAME == *'localhost'* || ! ( $HOSTNAME =~ ^[a-zA-Z0-9\-]*$ ) ]] ; do
-		local error_message
-		error_message=$(echo "Please choose a valid hostname. It cannot contain localhost; and must contain only \
-			the ASCII letters 'a' through 'z' (case-insensitive), the digits '0' through '9', \
-			and hyphen ('-')" | tr -d '\t')
-
-		whiptail --title "Security Onion Setup" \
-		--msgbox "$error_message" 10 75
-
-		HOSTNAME=$(whiptail --title "Security Onion Setup" --inputbox \
-		"Enter the hostname (not FQDN) you would like to set:" 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3)
-
-		local exitstatus=$?
-		whiptail_check_exitstatus $exitstatus
-	done
-
 }

 whiptail_set_redirect() {
@@ -1350,7 +1278,7 @@ whiptail_set_redirect_host() {
 	[ -n "$TESTING" ] && return

 	REDIRECTHOST=$(whiptail --title "Security Onion Setup" --inputbox \
-	"Enter the Hostname or IP you would like to use for the web interface:" 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3)
+	"Enter the Hostname, IP, or FQDN you would like to use for the web interface:" 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3)
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
 }
@@ -1412,25 +1340,25 @@ whiptail_shard_count() {

 }

-whiptail_so_allow() {
-
+whiptail_so_allow_yesno() {
 	[ -n "$TESTING" ] && return

 	whiptail --title "Security Onion Setup" \
-	--yesno "Do you want to run so-allow to allow access to the web tools?" \
-	8 75
+		--yesno "Do you want to run so-allow to allow access to the web tools?" \
+		8 75
+}

-	local exitstatus=$?
+whiptail_so_allow() {

-	if [[ $exitstatus == 0 ]]; then
-		ALLOW_CIDR=$(whiptail --title "Security Onion Setup" \
+	[ -n "$TESTING" ] && return
+	
+	ALLOW_CIDR=$(whiptail --title "Security Onion Setup" \
 		--inputbox "Enter a single IP address or an IP range, in CIDR notation, to allow:" \
 		10 75 3>&1 1>&2 2>&3)
-		local exitstatus=$?
-		
-		export ALLOW_ROLE='a'
-		export ALLOW_CIDR
-	fi
+	local exitstatus=$?
+	
+	export ALLOW_ROLE='a'
+	export ALLOW_CIDR
 }

 whiptail_storage_requirements() {