bot: Regex check the domain to stop any injections

2023-09-27 17:35:01 +10:00 · 2023-09-27 17:35:01 +10:00 · b8d2b4c006
commit b8d2b4c006
parent ec9421628d
1 changed files with 10 additions and 1 deletions
--- a/bot.py
+++ b/bot.py
@ -7,6 +7,7 @@ import dns.resolver
 import markdownify
 import subprocess
 import tempfile
+import re

 load_dotenv()
 TOKEN = os.getenv('DISCORD_TOKEN')
@ -129,7 +130,15 @@ async def curl(ctx, url: str):

@tree.command(name="ssl", description="Check SSL certificate")
 async def ssl(ctx, domain: str):
+    # Verify that the domain is valid
+    if not domain:
+        await ctx.response.send_message("Please provide a domain to check")
+        return
    
+    regexmatch = re.match(r"^([a-z0-9]+(-[a-z0-9]+)*\.)*([a-z0-9]+(-[a-z0-9]+)*)$", domain)
+    if not regexmatch:
+        await ctx.response.send_message("Please provide a valid domain to check")
+        return

    message = ""
    resolver = dns.resolver.Resolver()
@ -145,7 +154,7 @@ async def ssl(ctx, domain: str):
            message = message + "- " +str(record) + "\n"


-        if records.count < 1:
+        if records.count() < 1:
            await ctx.response.send_message(f"No A record found for {domain}")
            return