indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

Check for ipv4 address within path

main
bashrc 2026-05-07 10:44:36 +01:00
parent de1f7cd764
commit 9c0be66d5d
6 changed files with 58 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
daemon.py
View File

@ -257,7 +257,8 @@ class PubServer(BaseHTTPRequestHandler):
def do_PROPFIND(self): def do_PROPFIND(self):
if self.server.starting_daemon: if self.server.starting_daemon:
return return
if check_bad_path(self.path): if check_bad_path(self.path,
self.server.allow_local_network_access):
print('WARN: bad path PROPFIND ' + self.path) print('WARN: bad path PROPFIND ' + self.path)
http_400(self) http_400(self)
return return
@ -267,7 +268,8 @@ class PubServer(BaseHTTPRequestHandler):
def do_PUT(self): def do_PUT(self):
if self.server.starting_daemon: if self.server.starting_daemon:
return return
if check_bad_path(self.path): if check_bad_path(self.path,
self.server.allow_local_network_access):
print('WARN: bad path PUT ' + self.path) print('WARN: bad path PUT ' + self.path)
http_400(self) http_400(self)
return return
@ -277,7 +279,8 @@ class PubServer(BaseHTTPRequestHandler):
def do_REPORT(self): def do_REPORT(self):
if self.server.starting_daemon: if self.server.starting_daemon:
return return
if check_bad_path(self.path): if check_bad_path(self.path,
self.server.allow_local_network_access):
print('WARN: bad path REPORT ' + self.path) print('WARN: bad path REPORT ' + self.path)
http_400(self) http_400(self)
return return
@ -287,7 +290,8 @@ class PubServer(BaseHTTPRequestHandler):
def do_DELETE(self): def do_DELETE(self):
if self.server.starting_daemon: if self.server.starting_daemon:
return return
if check_bad_path(self.path): if check_bad_path(self.path,
self.server.allow_local_network_access):
print('WARN: bad path DELETE ' + self.path) print('WARN: bad path DELETE ' + self.path)
http_400(self) http_400(self)
return return

3
daemon_get.py
View File

@ -252,7 +252,8 @@ def daemon_http_get(self) -> None:
""" """
if self.server.starting_daemon: if self.server.starting_daemon:
return return
if check_bad_path(self.path): if check_bad_path(self.path,
self.server.allow_local_network_access):
print('WARN: bad path GET ' + self.path) print('WARN: bad path GET ' + self.path)
http_400(self) http_400(self)
return return

3
daemon_head.py
View File

@ -34,7 +34,8 @@ def daemon_http_head(self) -> None:
""" """
if self.server.starting_daemon: if self.server.starting_daemon:
return return
if check_bad_path(self.path): if check_bad_path(self.path,
self.server.allow_local_network_access):
print('WARN: bad path HEAD ' + self.path) print('WARN: bad path HEAD ' + self.path)
http_400(self) http_400(self)
return return

3
daemon_post.py
View File

@ -162,7 +162,8 @@ def daemon_http_post(self) -> None:
""" """
if self.server.starting_daemon: if self.server.starting_daemon:
return return
if check_bad_path(self.path): if check_bad_path(self.path,
self.server.allow_local_network_access):
print('WARN: bad path POST ' + self.path) print('WARN: bad path POST ' + self.path)
http_400(self) http_400(self)
return return

20
tests.py
View File

@ -88,6 +88,7 @@ from timeFunctions import date_utcnow
from timeFunctions import convert_published_to_local_timezone from timeFunctions import convert_published_to_local_timezone
from timeFunctions import date_string_to_seconds from timeFunctions import date_string_to_seconds
from timeFunctions import date_seconds_to_string from timeFunctions import date_seconds_to_string
from utils import contains_ipv4_address
from utils import remove_eol from utils import remove_eol
from utils import text_in_file from utils import text_in_file
from utils import convert_to_snake_case from utils import convert_to_snake_case
@ -9825,6 +9826,24 @@ def _test_domain_check() -> None:
assert resembles_domain('[abc:def:abc]') assert resembles_domain('[abc:def:abc]')
def _test_ip_address_detect() -> None:
print('test_ip_address_detect')
text = 'This is a test'
assert contains_ipv4_address(text) is False
text = 'some text http://somerandomdomain.com some other text'
assert contains_ipv4_address(text) is False
text = 'blah blah http://1.2.3.4'
assert contains_ipv4_address(text) is True
text = 'blah blah http://1.2.3.4 and some other text'
assert contains_ipv4_address(text) is True
text = 'blah blah http://1.2.3.4/about and some other text'
assert contains_ipv4_address(text) is True
def run_all_tests(): def run_all_tests():
base_dir = os.getcwd() base_dir = os.getcwd()
data_dir_testing(base_dir) data_dir_testing(base_dir)
@ -9843,6 +9862,7 @@ def run_all_tests():
_test_checkbox_names() _test_checkbox_names()
_test_thread_functions() _test_thread_functions()
_test_functions() _test_functions()
_test_ip_address_detect()
_test_domain_check() _test_domain_check()
_test_post_collection() _test_post_collection()
_test_micron_blog(base_dir) _test_micron_blog(base_dir)

25
utils.py
View File

@ -4046,7 +4046,25 @@ def get_instance_url(calling_domain: str,
return instance_url return instance_url
def check_bad_path(path: str): def contains_ipv4_address(path: str) -> bool:
"""Returns true if the given string contains an IP address
"""
if '://' not in path:
return False
domain = path.split('://')[1]
if '/' in domain:
domain = domain.split('/')[0]
if ' ' in domain:
domain = domain.split(' ')[0]
if '.' not in domain:
return False
domain_without_dots = domain.replace('.', '')
if domain_without_dots.isdigit():
return True
return False
def check_bad_path(path: str, allow_local_network_access: bool):
"""for http GET or POST check that the path looks valid """for http GET or POST check that the path looks valid
""" """
path_lower: str = path.lower() path_lower: str = path.lower()
@ -4078,6 +4096,11 @@ def check_bad_path(path: str):
if string_contains(path_lower, bad_strings): if string_contains(path_lower, bad_strings):
return True return True
if not allow_local_network_access:
if contains_ipv4_address(path_lower):
return True
return False return False