To allow non-admin users to execute most op mode commands, we need to ensure they can't enter arguments that can lead to shell escapes.
A blanket ban on all special characters is too restrictive, so we need a way to relax it where needed.
One way to do that is to ensure that arguments follow specific formats. That can be done using constraint checks similar to those we already have in configuration mode.
We can use the same syntax as we use for configuration mode definitions, with <regex> and <validator> tags:
interfaceDefinition>
<tagNode name="ping">
<properties>
<help>Send Internet Control Message Protocol (ICMP) echo request</help>
<completionHelp>
<list><hostname> <x.x.x.x> <h:h:h:h:h:h:h:h></list>
</completionHelp>
<constraint>
<validator name="ip-address"/>
<validator name="fqdn"/>
</constraint>
</properties>
...We can probably omit support for constraint groups until we find a real case for that.
In the cache, it's probably a good idea to keep regex and validator constraints separate so that the runner can evaluate regexes first — it can do that internally. If none of the regexes match, then it can jump to much more expensive external checks.
"constraints": {
"regexes": [],
"validators": [
{
"name": "ip-address",
"argument": null
},
{
"name": "fqdn",
"argument": null
}
]
},