sanitize input data in modules/network.py

this patch adds a function to sanitize the host input data in modules/network.py. It also fixes a bug in isportopen and validates the give port Signed-off-by: Matthias Teege <matthias-git@mteege.de> Signed-off-by: Thomas S Hatch <thatch45@gmail.com>
2024-11-08 01:18:58 +00:00 · 2011-04-04 14:10:23 +02:00 · 2011-04-04 14:10:23 +02:00 · 3512096c57
commit 3512096c57
parent f855ad1a92
1 changed files with 11 additions and 5 deletions
--- a/salt/modules/network.py
+++ b/salt/modules/network.py
@ -3,6 +3,10 @@ Module for gathering and managing network information
 '''
 import subprocess
 from socket import *
+from string import ascii_letters, digits
+
+def _sanitize_host ( host ):
+    return "".join([c for c in host[0:255] if c in (ascii_letters + digits + '.')])

 def ping( host ):
    '''
@ -11,7 +15,7 @@ def ping( host ):
    CLI Example:
    salt '*' network.ping archlinux.org -c 4
    '''
-    cmd = 'ping -c 4 %s' % host
+    cmd = 'ping -c 4 %s' % _sanitize_host(host)

    out = subprocess.Popen(cmd,
            shell=True,
@ -66,7 +70,7 @@ def traceroute( host ):
    CLI Example:
    salt '*' network.traceroute archlinux.org
    '''
-    cmd = 'traceroute %s' % host
+    cmd = 'traceroute %s' % _sanitize_host(host)
    ret = []
    out = subprocess.Popen(cmd,
            shell=True,
@ -98,7 +102,7 @@ def dig( host ):
    CLI Example:
    salt '*' network.dig archlinux.org
    '''
-    cmd = 'dig %s' % host
+    cmd = 'dig %s' % _sanitize_host(host)

    out = subprocess.Popen(cmd,
            shell=True,
@ -113,8 +117,10 @@ def isportopen( host, port ):
    salt '*' network.isportopen 127.0.0.1 22
    '''

+    if not (1 <= int(port) <= 65535):
+        return False
+
    s = socket(AF_INET, SOCK_STREAM)
-    out = s.connect_ex((ip, int(port)))
+    out = s.connect_ex((_sanitize_host(host), int(port)))

    return out
-