fix: add basic server-side input validation (#435)

This mitigates possible path traversal attacks that use,
e.g., "../user" as a user name.
Marcus Wichelmann 2023-12-25 20:07:47 +01:00 committed by GitHub
parent a06bce88e0
commit 13a4c05ff5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 58 additions and 14 deletions


@ -2,6 +2,7 @@ package model
import (
"errors"
"net"
"strings"
"time"
)
@ -18,7 +19,13 @@ func (host WakeOnLanHost) ResolveResourceName() (string, error) {
return "", errors.New("mac Address is Empty")
}
resourceName = strings.ToUpper(resourceName)
return strings.ReplaceAll(resourceName, ":", "-"), nil
resourceName = strings.ReplaceAll(resourceName, ":", "-")
if _, err := net.ParseMAC(resourceName); err != nil {
return "", errors.New("invalid mac address")
}
return resourceName, nil
}
const WakeOnLanHostCollectionName = "wake_on_lan_hosts"
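Review bot: The new `net.ParseMAC` check in `ResolveResourceName` validates the string but then returns the caller's own spelling instead of the parsed address, so more than one name shape passes. `net.ParseMAC` also accepts the dot-grouped form (`AABB.CCDD.EEFF`) and 8- and 20-byte addresses. None of these contain a path separator, so the traversal goal is met, but one host can resolve to several resource names and non-Ethernet lengths are admitted. I would keep the parsed value and rebuild the name from it: `hw, err := net.ParseMAC(resourceName)`, `if err != nil || len(hw) != 6 { return "", errors.New("invalid mac address") }`, `return strings.ToUpper(strings.ReplaceAll(hw.String(), ":", "-")), nil`. The function begins above the hunk, so how `resourceName` is first populated is not visible here.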