bot: Regex check the domain to stop any injections
All checks were successful
Build Docker / Build Docker (push) Successful in 16s

This commit is contained in:
Nathan Woodburn 2023-09-27 17:35:01 +10:00
parent ec9421628d
commit b8d2b4c006
Signed by: nathanwoodburn
GPG Key ID: 203B000478AD0EF1

11
bot.py
View File

@ -7,6 +7,7 @@ import dns.resolver
import markdownify import markdownify
import subprocess import subprocess
import tempfile import tempfile
import re
load_dotenv() load_dotenv()
TOKEN = os.getenv('DISCORD_TOKEN') TOKEN = os.getenv('DISCORD_TOKEN')
@ -129,7 +130,15 @@ async def curl(ctx, url: str):
@tree.command(name="ssl", description="Check SSL certificate") @tree.command(name="ssl", description="Check SSL certificate")
async def ssl(ctx, domain: str): async def ssl(ctx, domain: str):
# Verify that the domain is valid
if not domain:
await ctx.response.send_message("Please provide a domain to check")
return
regexmatch = re.match(r"^([a-z0-9]+(-[a-z0-9]+)*\.)*([a-z0-9]+(-[a-z0-9]+)*)$", domain)
if not regexmatch:
await ctx.response.send_message("Please provide a valid domain to check")
return
message = "" message = ""
resolver = dns.resolver.Resolver() resolver = dns.resolver.Resolver()
@ -145,7 +154,7 @@ async def ssl(ctx, domain: str):
message = message + "- " +str(record) + "\n" message = message + "- " +str(record) + "\n"
if records.count < 1: if records.count() < 1:
await ctx.response.send_message(f"No A record found for {domain}") await ctx.response.send_message(f"No A record found for {domain}")
return return