cschantz/Linux-Server-Management-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Phase 2 Improvements: Array safety, URL encoding, and source guards

Browse Source 
IMPROVEMENTS:
1. Array Safety (reference-db.sh:128-134)
   - Changed from unsafe word-splitting to proper array construction
   - Uses while loop with IFS= read for safer user enumeration
   - Prevents issues with usernames containing special characters

2. URL Encoding for Domain Checks (reference-db.sh:24-48)
   - Added url_encode() helper function
   - Encodes domain names for curl requests
   - Handles domains with special characters safely
   - Prevents curl errors on unusual domain names

3. Configurable Timeout (reference-db.sh:21)
   - Made domain check timeout configurable via DOMAIN_CHECK_TIMEOUT env var
   - Default remains 3 seconds
   - Allows users to adjust for slow networks/servers

4. Source Guards (all library files)
   - Added source guard pattern to prevent re-sourcing
   - Added to: reference-db.sh, common-functions.sh, system-detect.sh
   - Prevents variable/function duplication if file is sourced twice

Testing: All syntax checks pass, functionality verified
This commit is contained in:
Developer
2026-03-19 20:46:39 -04:00
parent ebeffdff75
commit f6fd4118e3
3 changed files with 57 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/reference-db.sh
+45 -5
View File
@@ -6,6 +6,12 @@
# Format: Pipe-delimited structured data
#############################################################################
# Source guard - prevent re-sourcing
if [ -n "${_REFERENCE_DB_LOADED:-}" ]; then
return 0
fi
readonly _REFERENCE_DB_LOADED=1
# Source dependencies
if [ -z "$TOOLKIT_BASE_DIR" ]; then
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
@@ -19,6 +25,31 @@ fi
export SYSREF_DB="${TOOLKIT_BASE_DIR}/.sysref.beta"
export SYSREF_TIMESTAMP="${TOOLKIT_BASE_DIR}/.sysref.beta.timestamp"
# Timeout for domain HTTP checks
export DOMAIN_CHECK_TIMEOUT=${DOMAIN_CHECK_TIMEOUT:-3}
#############################################################################
# URL Encoding Helper
#############################################################################
# URL encode a string for safe use in curl requests
url_encode() {
local string="${1:-}"
local strlen=${#string}
local encoded=""
local pos c o
for (( pos=0 ; pos<strlen ; pos++ )); do
c=${string:$pos:1}
case "$c" in
[-_.~a-zA-Z0-9] ) o="${c}" ;;
* ) printf -v o '%%%02X' "'$c"
esac
encoded+="${o}"
done
echo "${encoded}"
}
#############################################################################
# DATABASE STRUCTURE
#############################################################################
@@ -125,7 +156,13 @@ build_system_section() {
build_users_section() {
echo "[USERS]" >> "$SYSREF_DB"
local users=($(list_all_users))
# Safely populate users array from function output
local users=()
while IFS= read -r user; do
[ -z "$user" ] && continue
users+=("$user")
done < <(list_all_users)
local total_users=${#users[@]}
local current=0
@@ -215,14 +252,17 @@ check_domain_status() {
return 0
fi
# Try HTTP (timeout 3 seconds, max 2 redirects, check for valid response)
http_code=$(timeout 3 curl -s -o /dev/null -w "%{http_code}" --max-redirs 2 -m 3 "http://$domain" 2>/dev/null)
# URL encode domain for safe curl request (handles special characters)
local encoded_domain=$(url_encode "$domain")
# Try HTTP (with configurable timeout, max 2 redirects)
http_code=$(timeout "$DOMAIN_CHECK_TIMEOUT" curl -s -o /dev/null -w "%{http_code}" --max-redirs 2 -m "$DOMAIN_CHECK_TIMEOUT" "http://$encoded_domain" 2>/dev/null)
if [ $? -ne 0 ] || [ -z "$http_code" ]; then
http_code="timeout"
fi
# Try HTTPS (timeout 3 seconds, max 2 redirects, ignore cert errors)
https_code=$(timeout 3 curl -s -o /dev/null -w "%{http_code}" --max-redirs 2 -m 3 -k "https://$domain" 2>/dev/null)
# Try HTTPS (with configurable timeout, max 2 redirects, ignore cert errors)
https_code=$(timeout "$DOMAIN_CHECK_TIMEOUT" curl -s -o /dev/null -w "%{http_code}" --max-redirs 2 -m "$DOMAIN_CHECK_TIMEOUT" -k "https://$encoded_domain" 2>/dev/null)
if [ $? -ne 0 ] || [ -z "$https_code" ]; then
https_code="timeout"
fi