Fix ESCAPE issues in threat intelligence and reference DB

- Added -- separator to grep commands in lib/threat-intelligence.sh (5 fixes)
- Added -- separator to grep commands in lib/reference-db.sh (3 fixes)
- Prevents filename injection attacks where filenames starting with - could be misinterpreted as command options

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
cschantz
2026-01-09 16:20:23 -05:00
parent b6c0ec0e9b
commit c6d5affbee
2 changed files with 8 additions and 8 deletions
+3 -3
@@ -289,9 +289,9 @@ build_domains_section() {
# Extract domain info from config # Extract domain info from config
local domain="$basename" local domain="$basename"
local doc_root=$(grep "^documentroot:" "$config_file" | awk '{print $2}' || true) local doc_root=$(grep "^documentroot:" -- "$config_file" | awk '{print $2}' || true)
local log_path=$(grep "target:.*domlogs" "$config_file" | head -1 | awk '{print $2}' || true) local log_path=$(grep "target:.*domlogs" -- "$config_file" | head -1 | awk '{print $2}' || true)
local server_alias=$(grep "^serveralias:" "$config_file" | awk '{print $2}' || true) local server_alias=$(grep "^serveralias:" -- "$config_file" | awk '{print $2}' || true)
local php_version=$(grep "^phpversion:" "$config_file" | awk '{print $2}' || true) local php_version=$(grep "^phpversion:" "$config_file" | awk '{print $2}' || true)
# Determine if primary domain # Determine if primary domain
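Review bot: The `php_version` line in this hunk still calls grep on `"$config_file"` without the `--` separator, so the fix is incomplete for the very variable the three lines above it now guard; `local php_version=$(grep "^phpversion:" -- "$config_file" | awk '{print $2}' || true)` brings it in line. All four greps read the same `$config_file`, so a value beginning with `-` would still be parsed as an option on this one call. `build_domains_section` starts before the hunk and continues after it.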
+5 -5
@@ -139,7 +139,7 @@ is_whitelisted_service() {
# Check static whitelist # Check static whitelist
if [ -f "$whitelist_file" ]; then if [ -f "$whitelist_file" ]; then
if grep -q "^$ip$" "$whitelist_file"; then if grep -q "^$ip$" -- "$whitelist_file"; then
return 0 return 0
fi fi
fi fi
@@ -175,7 +175,7 @@ add_to_whitelist() {
local reason="$2" local reason="$2"
local whitelist_file="/tmp/server-toolkit-whitelist_ips.txt" local whitelist_file="/tmp/server-toolkit-whitelist_ips.txt"
if ! grep -q "^$ip$" "$whitelist_file" 2>/dev/null; then if ! grep -q "^$ip$" -- "$whitelist_file" 2>/dev/null; then
echo "$ip # $reason" >> "$whitelist_file" echo "$ip # $reason" >> "$whitelist_file"
fi fi
} }
@@ -276,7 +276,7 @@ matches_known_pattern() {
fi fi
# Check if this attack type + similar URI has been seen before # Check if this attack type + similar URI has been seen before
local similar_count=$(grep "|$attack_type|" "$pattern_file" | grep -c "$uri" || echo 0) local similar_count=$(grep "|$attack_type|" -- "$pattern_file" | grep -c "$uri" || echo 0)
if [ "$similar_count" -ge 3 ]; then if [ "$similar_count" -ge 3 ]; then
return 0 # Known pattern return 0 # Known pattern
@@ -368,7 +368,7 @@ generate_incident_report() {
local pattern_file="/tmp/server-toolkit-attack-patterns.log" local pattern_file="/tmp/server-toolkit-attack-patterns.log"
if [ -f "$pattern_file" ]; then if [ -f "$pattern_file" ]; then
echo "Recent attacks from this IP:" echo "Recent attacks from this IP:"
grep "|$ip|" "$pattern_file" | tail -20 | while IFS='|' read -r ts ip_addr attack_type uri ua; do grep "|$ip|" -- "$pattern_file" | tail -20 | while IFS='|' read -r ts ip_addr attack_type uri ua; do
echo " [$(date -d @$ts '+%Y-%m-%d %H:%M:%S')] $attack_type - $uri" echo " [$(date -d @$ts '+%Y-%m-%d %H:%M:%S')] $attack_type - $uri"
done done
echo "" echo ""
@@ -424,7 +424,7 @@ check_shared_threats() {
local coordination_file="/tmp/server-toolkit-shared-threats.log" local coordination_file="/tmp/server-toolkit-shared-threats.log"
if [ -f "$coordination_file" ]; then if [ -f "$coordination_file" ]; then
local count=$(grep "|$ip|" "$coordination_file" | wc -l) local count=$(grep "|$ip|" -- "$coordination_file" | wc -l)
echo "$count" echo "$count"
else else
echo "0" echo "0"
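Review bot: In the `matches_known_pattern` hunk (@@ -276) the second stage `grep -c "$uri"` still has no `--`, and `$uri` is passed as a regex, so a value beginning with `-` is read as options and characters such as `.`, `*` or `[` change the match; `grep -cF -- "$uri"`, if a literal substring count is the intent, closes the same gap for the pattern argument that the commit closes for the filename. In that line `|| echo 0` also fires when `grep -c` prints `0` and exits 1, so `similar_count` can become `0` twice over two lines and the following `-ge 3` test then fails with an integer-expression error rather than comparing. The `"^$ip$"` patterns in the first two hunks are regexes in which each `.` matches any character, and `^$ip$` cannot match the `$ip # $reason` lines that `add_to_whitelist` writes, which looks like a pre-existing mismatch between the two functions worth confirming. Each of these functions starts before its hunk and continues after it.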