wdes/security
1
0
Fork 0
Code Actions Packages Releases Activity

Validate IP addresses before insert

Browse Source
This commit is contained in:
William Desportes
2024-10-08 00:03:03 +02:00
parent 32d1abdcee
commit bc3f3fe34c
7 changed files with 159 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
snow-scanner/src/main.rs
View File

@ -37,7 +37,7 @@ use rocket_db_pools::Database;
use rocket_ws::WebSocket;
use server::Server;
use worker::detection::{detect_scanner, get_dns_client, Scanners};
use worker::detection::{detect_scanner, get_dns_client, validate_ip, Scanners};
use std::{
env, fmt,
@ -209,6 +209,10 @@ async fn handle_ip(mut conn: DbConn, ip: String) -> Result<Scanner, Option<Resol
match detect_scanner(&result) {
Ok(Some(scanner_type)) => {
if !validate_ip(query_address) {
error!("Invalid IP address: {ip}");
return Err(None);
}
match Scanner::find_or_new(query_address, scanner_type, result.result, &mut conn).await
{
Ok(scanner) => Ok(scanner),