admin/wireguard-ui
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: add basic server-side input validation (#435)

Browse Source 
This mitigates possible path traversal attacks by using
e.g. "../user" as a user name.
This commit is contained in:
Marcus Wichelmann
2023-12-25 20:07:47 +01:00
committed by GitHub
parent a06bce88e0
commit 13a4c05ff5
3 changed files with 58 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
model/wake_on_lan_host.go
View File

@@ -2,6 +2,7 @@ package model
import (
"errors"
"net"
"strings"
"time"
)
@@ -18,7 +19,13 @@ func (host WakeOnLanHost) ResolveResourceName() (string, error) {
return "", errors.New("mac Address is Empty")
}
resourceName = strings.ToUpper(resourceName)
return strings.ReplaceAll(resourceName, ":", "-"), nil
resourceName = strings.ReplaceAll(resourceName, ":", "-")
if _, err := net.ParseMAC(resourceName); err != nil {
return "", errors.New("invalid mac address")
}
return resourceName, nil
}
const WakeOnLanHostCollectionName = "wake_on_lan_hosts"