[Security] Patches multiple security issue (hestiacp#2555)

jaapmarcus · web-flow · commit d50f95cf2080 · 2022-04-27T20:05:17.000+02:00
* Add missing check in is_format_valid

* Add check on v-delete-dns-domain

* Validate theme via is_format_valid

* No need for extra code

* Prevent LF command passed trough + Add test to verify

* Add missing checks

* Don't allow exception for localhost

* Add some more missing checks

* Fix to strict error validation

* Add validation for user

* Fix bug in main.sh

* Use -d instead -f
diff --git a/bin/v-add-access-key b/bin/v-add-access-key
@@ -61,12 +61,9 @@ date=$(echo "$time_n_date" |cut -f 2 -d \ )
 #----------------------------------------------------------#
 
 check_args '1' "$#" 'USER [PERMISSIONS] [COMMENT] [FORMAT]'
-is_format_valid 'user'
+is_format_valid 'user' 'comment' 'format'
 is_object_valid 'user' 'USER' "$user"
 is_key_permissions_format_valid "$permissions" "$user"
-if [ -n "$comment" ]; then
-    is_format_valid 'comment'
-fi
 
 #----------------------------------------------------------#
 #                       Action                             #
diff --git a/bin/v-add-backup-host b/bin/v-add-backup-host
@@ -107,7 +107,8 @@ EOF
 if [ "$type" != 'local' ];then
     check_args '4' "$#" "TYPE HOST USERNAME PASSWORD [PATH] [PORT]"
     is_format_valid 'host' 'path' 'port'
-    is_username_format_valid "$username" "username"
+    is_type_valid "$type" 'sftp,ftp,b2'
+    is_username_format_valid "$user" "username"
     is_password_valid
     format_no_quotes "$password" "password"
     
diff --git a/bin/v-add-cron-job b/bin/v-add-cron-job
@@ -44,6 +44,7 @@ is_object_unsuspended 'user' 'USER' "$user"
 is_package_full 'CRON_JOBS'
 get_next_cronjob
 is_format_valid 'job'
+is_format_valid 'restart'
 is_object_new 'cron' 'JOB' "$job"
 
 # Perform verification if read-only mode is enabled
diff --git a/bin/v-add-dns-domain b/bin/v-add-dns-domain
@@ -66,6 +66,10 @@ if [ -z "$(is_ip_format_valid $domain)" ]; then
     exit 1
 fi
 
+if [ -n "$restart" ]; then 
+    is_format_valid 'restart'
+fi
+
 is_package_full 'DNS_DOMAINS'
 template=$(get_user_value '$DNS_TEMPLATE')
 is_dns_template_valid "$template"
diff --git a/bin/v-add-dns-record b/bin/v-add-dns-record
@@ -96,6 +96,9 @@ is_object_new "dns/$domain" 'ID' "$id"
 is_dns_fqnd "$rtype" "$dvalue"
 is_dns_nameserver_valid "$domain" "$rtype" "$dvalue"
 is_format_valid 'ttl'
+if [ -n "$restart" ]; then
+    is_format_valid 'restart'
+fi
 
 # Perform verification if read-only mode is enabled
 check_hestia_demo_mode
diff --git a/bin/v-add-fastcgi-cache b/bin/v-add-fastcgi-cache
@@ -31,7 +31,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'USER DOMAIN [DURATION] [DEBUG] [RESTART]'
-is_format_valid 'user' 'domain'
+is_format_valid 'user' 'domain' 'restart'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"
diff --git a/bin/v-add-firewall-chain b/bin/v-add-firewall-chain
@@ -13,6 +13,7 @@
 # Argument definition
 chain=$(echo $1 | tr '[:lower:]' '[:upper:]')
 port=$2
+port_ext=$2
 protocol=${4-TCP}
 protocol=$(echo $protocol|tr '[:lower:]' '[:upper:]')
 
@@ -40,7 +41,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '1' "$#" 'CHAIN [PORT] [PROTOCOL]'
-is_format_valid 'chain'
+is_format_valid 'chain' 'port_ext' 'protocol'
 is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'
 
 # Perform verification if read-only mode is enabled
diff --git a/bin/v-add-mail-domain b/bin/v-add-mail-domain
@@ -50,7 +50,7 @@ domain_utf=$(idn -t --quiet -u "$domain_idn")
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'USER DOMAIN [ANTISPAM] [ANTIVIRUS] [DKIM] [DKIM_SIZE]'
-is_format_valid 'user' 'domain' 'antispam' 'antivirus' 'dkim' 'dkim_size'
+is_format_valid 'user' 'domain' 'antispam' 'antivirus' 'dkim' 'dkim_size' 'restart'
 is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
diff --git a/bin/v-add-mail-domain-ssl b/bin/v-add-mail-domain-ssl
@@ -63,6 +63,9 @@ is_web_domain_cert_valid
 # Perform verification if read-only mode is enabled
 check_hestia_demo_mode
 
+if [ -n "$restart" ]; then 
+    is_format_valid "$restart"
+fi
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
diff --git a/bin/v-add-mail-domain-webmail b/bin/v-add-mail-domain-webmail
@@ -61,7 +61,7 @@ if [ -z "$webmail" ]; then
 fi
 
 check_args '2' "$#" 'USER DOMAIN [WEBMAIL] [RESTART]'
-is_format_valid 'user' 'domain'
+is_format_valid 'user' 'domain' 'restart'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_system_enabled "$IMAP_SYSTEM" 'IMAP_SYSTEM'
 is_type_valid "$WEBMAIL_SYSTEM disabled" "$webmail"
diff --git a/bin/v-add-remote-dns-domain b/bin/v-add-remote-dns-domain
@@ -32,6 +32,9 @@ source_conf "$HESTIA/conf/hestia.conf"
 
 check_args '2' "$#" 'USER DOMAIN [FLUSH]'
 is_format_valid 'user' 'domain'
+if [ -n "$flush" ]; then
+    is_type_valid "records yes no" "$flush" 
+fi
 is_system_enabled "$DNS_CLUSTER" 'DNS_CLUSTER'
 is_procces_running
 remote_dns_health_check
diff --git a/bin/v-add-remote-dns-host b/bin/v-add-remote-dns-host
@@ -46,7 +46,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 
 args_usage='HOST PORT USER [PASSWORD] [TYPE] [DNS_USER]'
 check_args '3' "$#" "$args_usage"
-is_format_valid 'host' 'port' 'type' 'dns_user'
+is_format_valid 'host' 'port' 'dns_user'
 if [ -z "$password" ]; then
     is_format_valid 'hash'
 else
diff --git a/bin/v-change-user-ns b/bin/v-change-user-ns
@@ -38,29 +38,31 @@ check_args '3' "$#" 'USER NS1 NS2 [NS3] [NS4] [NS5] [NS6] [NS7] [NS8]'
 
 # Checking argument format
 is_format_valid 'user' 'ns1' 'ns2'
+
+ns="$ns1,$ns2"
 if [ -n "$ns3" ]; then
-    ns3=$(echo "$4" | sed -e 's/\.*$//g' -e 's/^\.*//g')
     is_format_valid 'ns3'
+    ns="$ns,$ns3"
 fi
 if [ -n "$ns4" ]; then
-    ns4=$(echo "$5" | sed -e 's/\.*$//g' -e 's/^\.*//g')
     is_format_valid 'ns4'
+    ns="$ns,$ns4"
 fi
 if [ -n "$ns5" ]; then
-    ns5=$(echo "$6" | sed -e 's/\.*$//g' -e 's/^\.*//g')
     is_format_valid 'ns5'
+    ns="$ns,$ns5"
 fi
 if [ -n "$ns6" ]; then
-    ns6=$(echo "$7" | sed -e 's/\.*$//g' -e 's/^\.*//g')
     is_format_valid 'ns6'
+    ns="$ns,$ns6"
 fi
 if [ -n "$ns7" ]; then
-    ns7=$(echo "$8" | sed -e 's/\.*$//g' -e 's/^\.*//g')
     is_format_valid 'ns7'
+    ns="$ns,$ns7"
 fi
 if [ -n "$ns8" ]; then
-    ns8=$(echo "$9" | sed -e 's/\.*$//g' -e 's/^\.*//g')
     is_format_valid 'ns8'
+    ns="$ns,$ns8"
 fi
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
@@ -72,10 +74,6 @@ check_hestia_demo_mode
 #                       Action                             #
 #----------------------------------------------------------#
 
-# Merging values
-ns="$ns1,$ns2,$ns3,$ns4,$ns5,$ns6,$ns7,$ns8"
-ns=$(echo "$ns" | sed -e "s/,,//g" -e "s/,$//")
-
 # Changing ns values
 update_user_value "$user" '$NS' "$ns"
 
diff --git a/bin/v-change-user-theme b/bin/v-change-user-theme
@@ -27,7 +27,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-is_format_valid 'user'
+is_format_valid 'user' 'theme'
 is_common_format_valid "$theme" "theme"
 is_object_valid 'user' 'USER' "$user"
 
diff --git a/bin/v-change-web-domain-name b/bin/v-change-web-domain-name
@@ -40,6 +40,7 @@ format_domain_idn
 
 check_args '3' "$#" 'USER DOMAIN NEW_DOMAIN [RESTART]'
 is_format_valid 'user' 'domain'
+is_domain_format_valid "$new_domain"
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
diff --git a/bin/v-check-access-key b/bin/v-check-access-key
@@ -78,7 +78,7 @@ abort_missmatch() {
 CHECK_RESULT_CALLBACK="abort_missmatch"
 
 check_args '3' "$#" 'ACCESS_KEY_ID SECRET_ACCESS_KEY COMMAND [IP] [FORMAT]'
-is_format_valid 'access_key_id'
+is_format_valid 'access_key_id' 'ip' 'command'
 is_object_valid 'key' 'KEY' "$access_key_id"
 is_format_valid 'secret_access_key'
 check_access_key_secret "$access_key_id" "$secret_access_key" user
diff --git a/bin/v-delete-database-temp-user b/bin/v-delete-database-temp-user
@@ -33,7 +33,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '3' "$#" 'USER DATABASE DBUSER [TYPE] [HOST]'
-is_format_valid 'user' 'dbuser'
+is_format_valid 'user' 'database' 'dbuser'
 is_system_enabled "$DB_SYSTEM" 'DB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
diff --git a/bin/v-delete-dns-on-web-alias b/bin/v-delete-dns-on-web-alias
@@ -13,6 +13,7 @@
 # Argument definition
 user=$1
 domain=$2
+alias=$3
 domain_idn=$2
 dom_alias=$(idn -t --quiet -u "$3" )
 dom_alias=$(echo $dom_alias |sed -e 's/\.*$//g' -e 's/^\.*//g')
@@ -43,7 +44,7 @@ check_hestia_demo_mode
 #----------------------------------------------------------#
 
 check_args '3' "$#" 'USER DOMAIN ALIAS [RESTART]'
-is_format_valid 'user' 'domain'
+is_format_valid 'user' 'domain' 'alias' 'restart'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
diff --git a/bin/v-delete-mail-account-forward b/bin/v-delete-mail-account-forward
@@ -36,6 +36,7 @@ format_domain_idn
 #----------------------------------------------------------#
 
 check_args '4' "$#" 'USER DOMAIN ACCOUNT FORWARD'
+is_format_valid 'user' 'domain' 'account'
 if [ "$forward"  != ':blackhole:' ]; then
     is_format_valid 'forward'
 fi
diff --git a/bin/v-delete-user-notification b/bin/v-delete-user-notification
@@ -12,7 +12,7 @@
 
 # Argument definition
 user=$1
-nid=$2
+id=$2
 
 # Includes
 # shellcheck source=/etc/hestiacp/hestia.conf
@@ -27,7 +27,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'USER NOTIFICATION'
-is_format_valid 'user' 'nid'
+is_format_valid 'user' 'id'
 is_object_valid 'user' 'USER' "$user"
 
 # Perform verification if read-only mode is enabled
@@ -38,7 +38,7 @@ check_hestia_demo_mode
 #----------------------------------------------------------#
 
 # Deleting notification
-sed -i "/NID='$nid' /d" $USER_DATA/notifications.conf 2>/dev/null
+sed -i "/NID='$id' /d" $USER_DATA/notifications.conf 2>/dev/null
 
 # Checking last notification
 if [ -e "$USER_DATA/notifications.conf" ]; then
diff --git a/bin/v-delete-user-ssh-key b/bin/v-delete-user-ssh-key
@@ -29,6 +29,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 
 check_args '2' "$#" 'USER KEYID'
 is_format_valid 'user'
+is_no_new_line_format "$key_id"
 is_object_valid 'user' 'USER' "$user"
 
 source "$USER_DATA/user.conf"
diff --git a/bin/v-generate-ssl-cert b/bin/v-generate-ssl-cert
@@ -72,6 +72,11 @@ fi
 args_usage='DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [ALIASES] [FORMAT]'
 check_args '7' "$#" "$args_usage"
 is_format_valid 'domain' 'aliases' 'format' 'email'
+is_common_format_valid $country "country"
+is_common_format_valid $state "state"
+is_common_format_valid $org "org"
+is_common_format_valid $unit "unit"
+
 
 release="$(lsb_release -s -r)"
 
diff --git a/bin/v-get-user-salt b/bin/v-get-user-salt
@@ -64,7 +64,7 @@ csv_list() {
 
 
 check_args '1' "$#" 'USER [IP] [SALT]'
-is_format_valid 'user'
+is_format_valid 'user' 'ip'
 
 # Checking user
 if [ ! -d "$HESTIA/data/users/$user" ]; then
diff --git a/bin/v-log-action b/bin/v-log-action
@@ -31,6 +31,8 @@ event_level=$2
 export event_category=$3
 event_details=$4
 
+is_common_format_valid "$event_level" "event level"
+
 # Validate event type input
 if [ "$event_level" != "Info" ] && [ "$event_level" != "Warning" ] && [ "$event_level" != "Error" ]; then 
     echo "Error: Invalid event type specified."
@@ -47,6 +49,7 @@ fi
 
 check_args '4' "$#" 'USER TYPE CATEGORY DETAILS'
 if [ "$user" != "system" ]; then
+    is_format_valid 'user'
     is_object_valid 'user' 'USER' "$user"
 fi
 
diff --git a/bin/v-log-user-logout b/bin/v-log-user-logout
@@ -24,6 +24,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 
 check_args '2' "$#" 'USER SESSION_ID'
 is_format_valid 'user'
+is_common_format_valid "$session_id" "Session ID"
 is_object_valid 'user' 'USER' "$user"
 
 if [ ! -f "$USER_DATA/auth.log" ]; then
diff --git a/bin/v-purge-nginx-cache b/bin/v-purge-nginx-cache
@@ -13,6 +13,7 @@
 # Argument definition
 user=$1
 domain=$2
+rstart=$3
 
 # Includes
 # shellcheck source=/etc/hestiacp/hestia.conf
@@ -28,8 +29,8 @@ source_conf "$HESTIA/conf/hestia.conf"
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '2' "$#" 'USER DOMAIN'
-is_format_valid 'user' 'domain'
+check_args '2' "$#" 'USER DOMAIN [RESTART]'
+is_format_valid 'user' 'domain' 'restart'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"
diff --git a/bin/v-schedule-letsencrypt-domain b/bin/v-schedule-letsencrypt-domain
@@ -30,7 +30,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'USER DOMAIN [ALIASES]'
-is_format_valid 'user' 'domain'
+is_format_valid 'user' 'domain' 'aliases'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_system_enabled "$WEB_SSL" 'SSL_SUPPORT'
 is_object_valid 'user' 'USER' "$user"
diff --git a/bin/v-update-host-certificate b/bin/v-update-host-certificate
@@ -36,6 +36,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 
 check_args '1' "$#" '[USER] [HOSTNAME]'
 is_format_valid 'user'
+is_domain_format_valid "$hostname" "hostname"
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_system_enabled "$WEB_SSL" 'SSL_SUPPORT'
 is_object_valid 'user' 'USER' "$user"
diff --git a/bin/v-update-user-backup-exclusions b/bin/v-update-user-backup-exclusions
@@ -40,7 +40,7 @@ is_file_valid() {
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'USER FILE'
-is_format_valid 'user' 'vfile'
+is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
 is_file_available
 is_file_valid
diff --git a/func/main.sh b/func/main.sh
diff --git a/test/checks.bats b/test/checks.bats
diff --git a/web/inc/main.php b/web/inc/main.php
