SecImprove: Use internal function to parse object key/value strings

- 'parse_object_kv_list' will also validate the string format
hestiacp · Aug 19, 2019 · 1f56a42 · 1f56a42
1 parent 6ec54ad
commit 1f56a42
Show file tree

Hide file tree

Showing 63 changed files with 148 additions and 146 deletions.
diff --git a/bin/v-add-letsencrypt-host b/bin/v-add-letsencrypt-host
@@ -46,7 +46,7 @@ is_object_unsuspended 'web' 'DOMAIN' "$domain"
 get_domain_values 'web'
 
 # Load domain data
-eval $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
+parse_object_kv_list $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
 
 # Set ssl installation to yes
 add_ssl="yes"

diff --git a/bin/v-add-remote-dns-domain b/bin/v-add-remote-dns-domain
@@ -51,10 +51,10 @@ IFS=$'\n'
 for cluster in $(grep "SUSPENDED='no'" $HESTIA/conf/dns-cluster.conf); do
 
     # Parsing remote dns host parameters
-    eval $cluster
+    parse_object_kv_list "$cluster"
 
     # Parsing domain parameters
-    eval $str
+    parse_object_kv_list "$str"
 
     # Syncing domain data
     cluster_cmd v-insert-dns-domain $DNS_USER "$str" $HOSTNAME $flush 'no'

diff --git a/bin/v-add-remote-dns-record b/bin/v-add-remote-dns-record
@@ -52,7 +52,7 @@ IFS=$'\n'
 for cluster in $(grep "SUSPENDED='no'" $HESTIA/conf/dns-cluster.conf); do
 
     # Parsing remote host parameters
-    eval $cluster
+    parse_object_kv_list "$cluster"
 
     # Syncing serial
     str=$(grep "DOMAIN='$domain'" $USER_DATA/dns.conf)

diff --git a/bin/v-add-web-domain-ssl-force b/bin/v-add-web-domain-ssl-force
@@ -38,7 +38,7 @@ check_hestia_demo_mode
 #----------------------------------------------------------#
 
 # Load domain data
-eval $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
+parse_object_kv_list $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
 
 # Check if SSL is enabled
 if [ "$SSL" != 'yes' ]; then

diff --git a/bin/v-add-web-domain-ssl-hsts b/bin/v-add-web-domain-ssl-hsts
@@ -38,7 +38,7 @@ check_hestia_demo_mode
 #----------------------------------------------------------#
 
 # Load domain data
-eval $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
+parse_object_kv_list $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
 
 # Check if SSL is enabled
 if [ "$SSL" != 'yes' ]; then

diff --git a/bin/v-change-database-owner b/bin/v-change-database-owner
@@ -75,7 +75,7 @@ mkdir -p $BACKUP/tmp.$database
 $BIN/v-suspend-database $owner $database > /dev/null 2>&1
 
 # Dump database
-eval $db_data
+parse_object_kv_list "$db_data"
 dump="$tmpdir/$database.$TYPE.sql"
 grants="$tmpdir/$database.$TYPE.$DBUSER"
 case $TYPE in
@@ -86,7 +86,7 @@ esac
 # Import configuration
 db_data=$(echo "$db_data" | sed "s/'${owner}_/'${user}_/g")
 echo "$db_data" >> $HESTIA/data/users/$user/db.conf
-eval $db_data
+parse_object_kv_list "$db_data"
 
 # Unsuspend db
 $BIN/v-unsuspend-database $user $new_db > /dev/null 2>&1

diff --git a/bin/v-change-dns-record b/bin/v-change-dns-record
@@ -54,7 +54,7 @@ check_hestia_demo_mode
 
 # Parsing domain config
 line=$(grep "ID='$id'" $USER_DATA/dns/$domain.conf)
-eval $line
+parse_object_kv_list "$line"
 
 # Null priority for none MX/SRV records
 if [ "$TYPE" != 'MX' ] && [ "$TYPE" != 'SRV' ]; then

diff --git a/bin/v-change-domain-owner b/bin/v-change-domain-owner
@@ -47,7 +47,7 @@ check_hestia_demo_mode
 web_data=$(grep "DOMAIN='$domain'" $HESTIA/data/users/$owner/web.conf)
 if [ ! -z "$web_data" ]; then
     $BIN/v-suspend-web-domain $owner $domain >> /dev/null 2>&1
-    eval $web_data
+    parse_object_kv_list "$web_data"
 
     # Change IP
     if [ ! -z "$ip" ]; then
@@ -95,7 +95,7 @@ fi
 # DNS domain
 dns_data=$(grep "DOMAIN='$domain'" $HESTIA/data/users/$owner/dns.conf)
 if [ ! -z "$dns_data" ]; then
-    eval $dns_data
+    parse_object_kv_list "$dns_data"
 
     # Change IP
     if [ ! -z "$ip" ]; then

diff --git a/bin/v-change-remote-dns-domain-exp b/bin/v-change-remote-dns-domain-exp
@@ -40,7 +40,7 @@ IFS=$'\n'
 for cluster in $(grep "SUSPENDED='no'" $HESTIA/conf/dns-cluster.conf); do
 
     # Parsing remote host parameters
-    eval $cluster
+    parse_object_kv_list "$cluster"
 
     # Syncing domain
     str=$(grep "DOMAIN='$domain'" $USER_DATA/dns.conf)

diff --git a/bin/v-change-remote-dns-domain-soa b/bin/v-change-remote-dns-domain-soa
@@ -40,7 +40,7 @@ IFS=$'\n'
 for cluster in $(grep "SUSPENDED='no'" $HESTIA/conf/dns-cluster.conf); do
 
     # Parsing remote host parameters
-    eval $cluster
+    parse_object_kv_list "$cluster"
 
     # Syncing SOA
     str=$(grep "DOMAIN='$domain'" $USER_DATA/dns.conf)

diff --git a/bin/v-change-remote-dns-domain-ttl b/bin/v-change-remote-dns-domain-ttl
@@ -40,7 +40,7 @@ IFS=$'\n'
 for cluster in $(grep "SUSPENDED='no'" $HESTIA/conf/dns-cluster.conf); do
 
     # Parsing remote host parameters
-    eval $cluster
+    parse_object_kv_list "$cluster"
 
     # Syncing TTL
     str=$(grep "DOMAIN='$domain'" $USER_DATA/dns.conf)

diff --git a/bin/v-delete-cron-restart-job b/bin/v-delete-cron-restart-job
@@ -29,7 +29,7 @@ is_system_enabled "$CRON_SYSTEM" 'CRON_SYSTEM'
 cmd="sudo $HESTIA/bin/v-update-sys-queue restart"
 check_cron=$(grep "$cmd" $HESTIA/data/users/admin/cron.conf 2> /dev/null)
 if [ ! -z "$check_cron" ]; then
-    eval $check_cron
+    parse_object_kv_list "$check_cron"
     $BIN/v-delete-cron-job admin "$JOB"
 fi
 

diff --git a/bin/v-delete-dns-on-web-alias b/bin/v-delete-dns-on-web-alias
@@ -70,7 +70,7 @@ else
             rec=$(grep -w "RECORD='$sub'" $USER_DATA/dns/$root.conf)
         fi
         if [ ! -z "$rec" ]; then
-            eval "$rec"
+            parse_object_kv_list "$rec"
             $BIN/v-delete-dns-record $user "$root" "$ID" $restart
         fi
     fi

diff --git a/bin/v-delete-firewall-chain b/bin/v-delete-firewall-chain
@@ -44,7 +44,7 @@ chains=$HESTIA/data/firewall/chains.conf
 banlist=$HESTIA/data/firewall/banlist.conf
 chain_param=$(grep "CHAIN='$chain'" $chains 2>/dev/null)
 if [ ! -z "$chain_param" ]; then
-    eval $chain_param
+    parse_object_kv_list "$chain_param"
     sed -i "/CHAIN='$chain'/d" $chains
     sed -i "/CHAIN='$chain'/d" $banlist
     $iptables -D INPUT -p $PROTOCOL \

diff --git a/bin/v-delete-remote-dns-domain b/bin/v-delete-remote-dns-domain
@@ -39,7 +39,7 @@ IFS=$'\n'
 for cluster in $(grep "SUSPENDED='no'" $HESTIA/conf/dns-cluster.conf); do
 
     # Parsing remote host parameters
-    eval $cluster
+    parse_object_kv_list "$cluster"
 
     # Syncing domain
     cluster_cmd v-delete-dns-domain $DNS_USER $domain 'yes'

diff --git a/bin/v-delete-remote-dns-domains b/bin/v-delete-remote-dns-domains
@@ -21,6 +21,7 @@ source $HESTIA/conf/hestia.conf
 #                    Verifications                         #
 #----------------------------------------------------------#
 
+is_format_valid 'host'
 is_system_enabled "$DNS_CLUSTER" 'DNS_CLUSTER'
 is_procces_running
 remote_dns_health_check
@@ -42,7 +43,7 @@ fi
 for cluster in $hosts; do
 
     # Parsing remote host parameters
-    eval $cluster
+    parse_object_kv_list "$cluster"
 
     # Deleting source records
     cluster_cmd v-delete-dns-domains-src $DNS_USER $HOSTNAME 'no'

diff --git a/bin/v-delete-remote-dns-host b/bin/v-delete-remote-dns-host
@@ -48,7 +48,7 @@ if [ "$check_cluster" -eq '0' ]; then
     cmd="sudo $HESTIA/bin/v-update-sys-queue dns-cluster"
     check_cron=$(grep "$cmd" $HESTIA/data/users/admin/cron.conf 2> /dev/null)
     if [ ! -z "$check_cron" ]; then
-        eval $check_cron
+        parse_object_kv_list "$check_cron"
         $BIN/v-delete-cron-job admin "$JOB"
     fi
 fi

diff --git a/bin/v-delete-remote-dns-record b/bin/v-delete-remote-dns-record
@@ -41,7 +41,7 @@ IFS=$'\n'
 for cluster in $(cat $HESTIA/conf/dns-cluster.conf); do
 
     # Parsing remote host parameters
-    eval $cluster
+    parse_object_kv_list "$cluster"
 
     # Syncing serial
     str=$(grep "DOMAIN='$domain'" $USER_DATA/dns.conf)

diff --git a/bin/v-delete-web-domain-ssl-force b/bin/v-delete-web-domain-ssl-force
@@ -39,7 +39,7 @@ check_hestia_demo_mode
 #----------------------------------------------------------#
 
 # Load domain data
-eval $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
+parse_object_kv_list $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
 
 # Remove forcessl configs
 if [ -f $HOMEDIR/$user/conf/web/$domain/$WEB_SYSTEM.forcessl.conf ]; then

diff --git a/bin/v-delete-web-domain-ssl-hsts b/bin/v-delete-web-domain-ssl-hsts
@@ -39,7 +39,7 @@ check_hestia_demo_mode
 #----------------------------------------------------------#
 
 # Load domain data
-eval $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
+parse_object_kv_list $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
 
 # Check for Apache/Nginx or Nginx/PHP-FPM configuration
 if [ -z $PROXY_SYSTEM ]; then

diff --git a/bin/v-list-cron-job b/bin/v-list-cron-job
@@ -84,7 +84,7 @@ if [ -z "$cron_line" ]; then
 fi
 
 # Parsing cron job
-eval $cron_line
+parse_object_kv_list "$cron_line"
 
 # Replacing quoted and backslahed text
 CMD=$(echo "$CMD" |sed -e 's/"/\\"/g' -e "s/%quote%/'/g")

diff --git a/bin/v-list-cron-jobs b/bin/v-list-cron-jobs
@@ -23,7 +23,7 @@ json_list() {
     objects=$(grep JOB $USER_DATA/cron.conf |wc -l)
     echo "{"
     while read str; do
-        eval $str
+        parse_object_kv_list "$str"
         CMD=$(echo "$CMD" |sed -e 's/"/\\"/g' -e "s/%quote%/'/g")
         echo -n '    "'$JOB'": {
         "MIN": "'$MIN'",
@@ -54,7 +54,7 @@ shell_list() {
     echo "JOB^MIN^HOUR^MONTH^WDAY^COMMAND"
     echo "---^---^----^-----^----^-------"
     while read str; do
-        eval $str
+        parse_object_kv_list "$str"
         CMD=$(echo "$CMD" |sed -e 's/"/\\"/g' -e "s/%quote%/'/g")
         echo "$JOB^$MIN^$HOUR^$MONTH^$WDAY^$CMD"
     done < <(cat $USER_DATA/cron.conf)
@@ -64,7 +64,7 @@ shell_list() {
 plain_list() {
     IFS=$'\n'
     while read str; do
-        eval $str
+        parse_object_kv_list "$str"
         CMD=$(echo "$CMD" |sed -e 's/"/\\"/g' -e "s/%quote%/'/g")
         echo -ne "$JOB\t$MIN\t$HOUR\t$MONTH\t$WDAY\t$CMD\t"
         echo -e "$SUSPENDED\t$TIME\t$DATE"
@@ -76,7 +76,7 @@ csv_list() {
     IFS=$'\n'
     echo  "MIN,HOUR,DAY,WDAY,CMD,SUSPENDED,TIME,DATE"
     while read str; do
-        eval $str
+        parse_object_kv_list "$str"
         CMD=$(echo "$CMD" |sed -e 's/"/\\"/g' -e "s/%quote%/'/g")
         echo -n "$JOB,$MIN,$HOUR,$MONTH,$WDAY,\"$CMD\","
         echo "$SUSPENDED,$TIME,$DATE"

diff --git a/bin/v-list-database b/bin/v-list-database
@@ -75,7 +75,7 @@ is_object_valid 'db' 'DB' "$database"
 #----------------------------------------------------------#
 
 # Parsing database
-eval $(grep "DB='$database'" $USER_DATA/db.conf)
+parse_object_kv_list $(grep "DB='$database'" $USER_DATA/db.conf)
 
 # Listing data
 case $format in

diff --git a/bin/v-list-database-hosts b/bin/v-list-database-hosts
@@ -32,7 +32,7 @@ json_list() {
     for type in $(echo $DB_SYSTEM |sed -e 's/,/\n/'); do
         if [ -e "$HESTIA/conf/$type.conf" ]; then
             for str in $(cat $HESTIA/conf/$type.conf); do
-                eval $str
+                parse_object_kv_list "$str"
         echo -n '    {
         "HOST": "'$HOST'",
         "TYPE": "'$type'",
@@ -65,7 +65,7 @@ shell_list() {
     for type in $(echo $DB_SYSTEM |sed -e 's/,/\n/'); do
         if [ -e "$HESTIA/conf/$type.conf" ]; then
             for str in $(cat $HESTIA/conf/$type.conf); do
-                eval $str
+                parse_object_kv_list "$str"
                 echo "$HOST $type $MAX_DB $U_DB_BASES $SUSPENDED $TIME $DATE"
             done
         fi
@@ -78,7 +78,7 @@ plain_list() {
     for type in $(echo $DB_SYSTEM |sed -e 's/,/\n/'); do
         if [ -e "$HESTIA/conf/$type.conf" ]; then
             for str in $(cat $HESTIA/conf/$type.conf); do
-                eval $str
+                parse_object_kv_list "$str"
                 echo -ne "$HOST\t$type\t$CHARSETS\t$MAX_DB\t$U_SYS_USERS\t"
                 echo -e "$U_DB_BASES\t$TPL\t$SUSPENDED\t$TIME\t$DATE"
             done
@@ -94,7 +94,7 @@ csv_list() {
     for type in $(echo $DB_SYSTEM |sed -e 's/,/\n/'); do
         if [ -e "$HESTIA/conf/$type.conf" ]; then
             for str in $(cat $HESTIA/conf/$type.conf); do
-                eval $str
+                parse_object_kv_list "$str"
                 echo -n "$HOST,$type,\"$CHARSETS\",$MAX_DB,\"$U_SYS_USERS\","
                 echo "$U_DB_BASES,$TPL,$SUSPENDED,$TIME,$DATE"
             done

diff --git a/bin/v-list-databases b/bin/v-list-databases
@@ -23,7 +23,7 @@ json_list() {
     objects=$(grep "DB=" $USER_DATA/db.conf |wc -l)
     echo "{"
     while read str; do
-        eval $str
+        parse_object_kv_list "$str"
         echo -n '    "'$DB'": {
         "DATABASE": "'$DB'",
         "DBUSER": "'$DBUSER'",
@@ -51,7 +51,7 @@ shell_list() {
     echo "DATABASE   USER   HOST   TYPE   DISK   SPND   DATE"
     echo "--------   ----   ----   ----   ----   ----   ----"
     while read str; do
-        eval $str
+        parse_object_kv_list "$str"
         echo "$DB $DBUSER $HOST $TYPE $U_DISK $SUSPENDED $DATE"
     done < <(cat $USER_DATA/db.conf)
 }
@@ -60,7 +60,7 @@ shell_list() {
 plain_list() {
     IFS=$'\n'
     while read str; do
-        eval $str
+        parse_object_kv_list "$str"
         echo -ne "$DB\t$DBUSER\t$HOST\t$TYPE\t$CHARSET\t$U_DISK\t"
         echo -e "$SUSPENDED\t$TIME\t$DATE"
     done < <(cat $USER_DATA/db.conf)
@@ -71,7 +71,7 @@ csv_list() {
     IFS=$'\n'
     echo "DATABASE,DBUSER,HOST,TYPE,CHARSET,U_DISK,SUSPENDED,TIME,DATE"
     while read str; do
-        eval $str
+        parse_object_kv_list "$str"
         echo "$DB,$DBUSER,$HOST,$TYPE,$CHARSET,$U_DISK,$SUSPENDED,$TIME,$DATE"
     done < <(cat $USER_DATA/db.conf)
 }

diff --git a/bin/v-list-dns-domain b/bin/v-list-dns-domain
@@ -81,7 +81,7 @@ is_object_valid 'dns' 'DOMAIN' "$domain"
 #----------------------------------------------------------#
 
 # Parsing domain
-eval $(grep "DOMAIN='$domain'" $USER_DATA/dns.conf)
+parse_object_kv_list $(grep "DOMAIN='$domain'" $USER_DATA/dns.conf)
 
 # Listing data
 case $format in

diff --git a/bin/v-list-dns-domains b/bin/v-list-dns-domains
@@ -23,7 +23,7 @@ json_list() {
     objects=$(grep DOMAIN $USER_DATA/dns.conf |wc -l)
     echo "{"
     while read str; do
-        eval $str
+        parse_object_kv_list "$str"
         echo -n '    "'$DOMAIN'": {
         "IP": "'$IP'",
         "TPL": "'$TPL'",
@@ -53,7 +53,7 @@ shell_list() {
     echo "DOMAIN   IP   TPL   TTL   REC   SPND   DATE"
     echo "------   --   ---   ---   ---   ----   ----"
     while read str; do
-        eval $str
+        parse_object_kv_list "$str"
         echo "$DOMAIN $IP $TPL $TTL $RECORDS $SUSPENDED $DATE"
     done < <(cat $USER_DATA/dns.conf)
 }
@@ -63,7 +63,7 @@ shell_list() {
 plain_list() {
     IFS=$'\n'
     while read str; do
-        eval $str
+        parse_object_kv_list "$str"
         echo -ne "$DOMAIN\t$IP\t$TPL\t$TTL\t$EXP\t$SOA\t$SERIAL\t"
         echo -e "$SRC\t$RECORDS\t$SUSPENDED\t$TIME\t$DATE"
     done < <(cat $USER_DATA/dns.conf)
@@ -75,7 +75,7 @@ csv_list() {
     IFS=$'\n'
     echo "DOMAIN,IP,TPL,TTL,EXP,SOA,SERIAL,SRC,RECORDS,SUSPENDED,TIME,DATE"
     while read str; do
-        eval $str
+        parse_object_kv_list "$str"
         echo -n "$DOMAIN,$IP,$TPL,$TTL,$EXP,$SOA,$SERIAL,"
         echo "$SRC,$RECORDS,$SUSPENDED,$TIME,$DATE"
     done < <(cat $USER_DATA/dns.conf)