Initial work for #28. Need further testing

core/etc/tpl/shcf_cli/new/etc/binaries.conf

@@ -1,3 +1,6 @@
 #Add here binaries in the format example AWK_BIN:
 #
 #AWK_BIN=`which awk 2>/dev/null`
+CUT_BIN=$(which cut 2>/dev/null)
+GREP_BIN=$(which grep 2>/dev/null)
+TR_BIN=$(which tr 2>/dev/null)

core/etc/tpl/shcf_cli/new/etc/init.conf

@@ -13,5 +13,6 @@ declare -r SUCCESS=0
 declare -r FALSE=0
 declare -r TRUE=1
 
-. $CONF_DIR/binaries.conf                                         # PATHs per binaries
+. $CONF_DIR/binaries.conf                                        # PATHs per binaries
+. $CONF_DIR/override_binsecurity.conf                            # Overrides for binaries NOT in /usr, /sbin, /bin
 [[ -e $CONF_DIR/app_defs.conf ]]  && . $CONF_DIR/app_defs.conf   # application specific paths & vars here

core/etc/tpl/shcf_cli/new/etc/override_binsecurity.conf

@@ -0,0 +1,15 @@
+# ----------------------------------------------------
+# Overrides for security rule of binaries needing to be
+# in the following locations: /usr, /sbin, /bin
+#
+# Override binaries are prefixed with '__' (e.g. '__PYTHON3_BIN')
+# same variable name described in etc/binaries.conf.
+#
+# The full paths MUST BE manually checked/vetted and approved.
+# If there are multiple values, separate it with colon.
+#
+# ----------------------------------------------------
+# Example below to override PYTHON3_BIN and PIP_BIN:
+#
+#__PYTHON3_BIN="$OPT_DIR/venv/bin/python3:$HOME/AppData/Local/Microsoft/WindowsApps/python3"
+#__PIP_BIN="$OPT_DIR/venv/bin/pip:$HOME/AppData/Local/Microsoft/WindowsApps/pip"

core/etc/tpl/shcf_cli/new/lib/check_required_bin.bash.inc

@@ -0,0 +1,46 @@
+## -----------------------------------------------------------------------------------------
+## Cross-check and ensure binaries are located in either of the following paths:
+##   * /usr
+##   * /bin
+##   * /sbin
+##
+## and IF path does not start with the above (and IT IS intentional), override it via
+## etc/override_binsecurity.conf. Overridden variable should be prefixed with __. 
+## Example, to override PYTHON3_BIN, define __PYTHON3_BIN. If multiple values are
+## expected, delimit it with colon.
+##
+## For checking specific binary, pass the variable name without '$'
+## -----------------------------------------------------------------------------------------
+##
+check_required_bin() {
+  ##
+  ## $binlist = Only needed if checking for specific binary.
+  ## Defaults to checking src/etc/binaries.conf
+  ##
+  local binlist=${1:-"$($GREP_BIN -v ^\# $CONF_DIR/binaries.conf|$CUT_BIN -d'=' -f1)"}
+
+  autoload_functions "found_inarray"
+
+  for each_bin in $binlist; do
+    if [[ "${!each_bin}" = "" ]]; then
+        echo "[FATAL ERROR] Required '$each_bin' not installed. Aborting."
+        exit 1
+    ##
+    ## NOTE: Ideally, only those NOT MATCHING the pattern should be filtered.
+    ##       Can't find a working regex for it though. No-op statement is used instead
+    ##
+    elif [[ "${!each_bin}" =~ ^(/usr|/bin|/sbin) ]]; then
+        :
+    else
+        ## Check if overridden. IF NOT, say so and exit (like below).
+        ##
+        or_eachbin=__${each_bin}
+
+        or_found=$(found_inarray ${!each_bin} $(echo ${!or_eachbin}|$TR_BIN ":" " "))
+        if [[ ${or_found} -ne 1 ]]; then
+          echo "[FATAL ERROR] Suspicious binary detected for \$${each_bin}: ${!each_bin}"
+          exit 1
+        fi
+    fi
+  done
+}

core/etc/tpl/shcf_cli/new/lib/found_inarray.bash.inc

@@ -0,0 +1,12 @@
+### -------------------------------------------------
+### found_inarray: checks if a string is found
+### INPUT  : $* --> 1st word is the keyword to find
+### OUTPUT : 1 - IF FOUND. 0 Otherwise
+### -------------------------------------------------
+
+found_inarray() {
+  local var2find=$1
+  shift
+
+  echo "$*"|$GREP_BIN -c $var2find
+} ## END: found_inarray()

core/lib/create_bin.bash.inc

@@ -45,6 +45,7 @@ PROJECT_ROOTDIR="\$( cd "\$( dirname "\${BASH_SOURCE[0]}" )"/../ && pwd )"
 ## of course, edit function names
 ##
 function_to_autoload="
+check_required_bin
 rename_function1
 rename_function2
 rename_functionX