sanitize ip address

author: kali <kali@leap.se> 2013-05-01 04:41:11 +0900
committer: kali <kali@leap.se> 2013-05-11 21:59:58 +0900
commit: 544717da3e95a553fa2af8555df6b4e06d9e5af2 (patch)
tree: 17011789c37a22fc52c2451f3e806245b6fc2237 /src/leap
parent: f74849f4c926a83190169cae570e9ec826fd46da (diff)
2 files changed, 24 insertions, 3 deletions
diff --git a/src/leap/services/eip/eipconfig.py b/src/leap/services/eip/eipconfig.py
index baf26bca..e6b93647 100644
--- a/src/leap/services/eip/eipconfig.py
+++ b/src/leap/services/eip/eipconfig.py
@@ -36,6 +36,7 @@ class EIPConfig(BaseConfig):
     """
     OPENVPN_ALLOWED_KEYS = ("auth", "cipher", "tls-cipher")
     OPENVPN_CIPHERS_REGEX = re.compile("[A-Z0-9\-]+")
+    IP_REGEX = re.compile("^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$")
 
     def __init__(self):
         BaseConfig.__init__(self)
@@ -90,7 +91,9 @@ class EIPConfig(BaseConfig):
             index = 0
             logger.warning("Provided an unknown gateway index %s, " +
                            "defaulting to 0")
-        return gateways[0]["ip_address"]
+        ip_addr = gateways[0]["ip_address"]
+        if self.IP_REGEX.search(ip_addr):
+            return ip_addr
 
     def get_client_cert_path(self,
                              providerconfig=None,
diff --git a/src/leap/services/eip/tests/test_eipconfig.py b/src/leap/services/eip/tests/test_eipconfig.py
index 1675472f..ce04c2fc 100644
--- a/src/leap/services/eip/tests/test_eipconfig.py
+++ b/src/leap/services/eip/tests/test_eipconfig.py
@@ -114,9 +114,9 @@ class EIPConfigTest(BaseLeapTest):
         self.assertEqual(
             config.get_clusters(), None)
 
-    def test_openvpnoptions(self):
+    def test_sanitize_config(self):
         """
-        check the sanitization of openvpn options
+        check the sanitization of options
         """
         # extra parameters
         data = copy.deepcopy(sample_config)
@@ -169,6 +169,24 @@ class EIPConfigTest(BaseLeapTest):
             {'cipher': 'AES-128-CBC',
              'tls-cipher': 'DHE-RSA-AES128-SHA'})
 
+        # bad_ip
+        data = copy.deepcopy(sample_config)
+        data['gateways'][0]["ip_address"] = "11.22.33.44;"
+        self.write_config(data)
+        config = EIPConfig()
+        config.load(self.configfile)
+        self.assertEqual(
+            config.get_gateway_ip(),
+            None)
+
+        data = copy.deepcopy(sample_config)
+        data['gateways'][0]["ip_address"] = "11.22.33.44`"
+        self.write_config(data)
+        config = EIPConfig()
+        config.load(self.configfile)
+        self.assertEqual(
+            config.get_gateway_ip(),
+            None)
 
 if __name__ == "__main__":
     unittest.main()
author	kali <kali@leap.se>	2013-05-01 04:41:11 +0900
committer	kali <kali@leap.se>	2013-05-11 21:59:58 +0900
commit	544717da3e95a553fa2af8555df6b4e06d9e5af2 (patch)
tree	17011789c37a22fc52c2451f3e806245b6fc2237 /src/leap
parent	f74849f4c926a83190169cae570e9ec826fd46da (diff)