From b8d2b4c0069046521fe1ec2c6ee65a154a98f81f Mon Sep 17 00:00:00 2001
From: Nathan Woodburn
Date: Wed, 27 Sep 2023 17:35:01 +1000
Subject: [PATCH] bot: Regex check the domain to stop any injections
---
 bot.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/bot.py b/bot.py
index 926dd01..c829fa5 100644
--- a/bot.py
+++ b/bot.py
@@ -7,6 +7,7 @@ import dns.resolver
 import markdownify
 import subprocess
 import tempfile
+import re
 load_dotenv()
 TOKEN = os.getenv('DISCORD_TOKEN')
@@ -129,7 +130,15 @@ async def curl(ctx, url: str):
 @tree.command(name="ssl", description="Check SSL certificate")
 async def ssl(ctx, domain: str):
+ # Verify that the domain is valid
+ if not domain:
+ await ctx.response.send_message("Please provide a domain to check")
+ return
+ regexmatch = re.match(r"^([a-z0-9]+(-[a-z0-9]+)*\.)*([a-z0-9]+(-[a-z0-9]+)*)$", domain)
+ if not regexmatch:
+ await ctx.response.send_message("Please provide a valid domain to check")
+ return
 message = ""
 resolver = dns.resolver.Resolver()
@@ -145,7 +154,7 @@ async def ssl(ctx, domain: str):
 message = message + "- " +str(record) + "\n"
- if records.count < 1:
+ if records.count() < 1:
 await ctx.response.send_message(f"No A record found for {domain}")
 return
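Review bot: The added check in `ssl` still accepts a value with a trailing newline, because with `re.match` the `$` anchor also matches just before a final `\n`, so `example.com\n` passes `regexmatch`. Use `re.fullmatch(r"([a-z0-9]+(-[a-z0-9]+)*\.)*[a-z0-9]+(-[a-z0-9]+)*", domain)` (or end the pattern with `\Z`) so the whole string must be a hostname. The pattern is also lowercase-only and has no length bound, so consider `domain = domain.lower()` before matching and rejecting anything longer than 253 characters. The rest of `ssl` lies outside this hunk, so how `domain` is consumed afterwards is not visible here; if it reaches `subprocess`, pass it as a list element rather than inside a shell string so the regex is not the only barrier.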
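Review bot: `records.count()` with no argument raises `TypeError` if `records` is a list or tuple, because the sequence `count` method needs a value to count; the emptiness test probably wants `if not records:` or `if len(records) < 1:`. `records` is assigned outside this hunk, so its type is inferred rather than confirmed. If it comes straight from the dnspython resolver, a missing A record likely surfaces as an exception such as `dns.resolver.NoAnswer` before this line is reached, and would need its own `except` branch to produce the "No A record found" reply.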