MrUnknownDE/utools
1
0
Fork 0
mirror of https://github.com/MrUnknownDE/utools.git synced 2026-05-06 06:16:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

rebase www template

Browse Source
This commit is contained in:
MrUnknownDE
2026-04-27 11:45:33 +02:00
parent 07bc5ffd9f
commit a42f1b87e9
27 changed files with 2574 additions and 4615 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/package-lock.json
Generated
+553 -512
View File
File diff suppressed because it is too large Load Diff
backend/utils.js
+8 -30
View File
@@ -287,7 +287,6 @@ function parseTracerouteLine(line) {
* @returns {Promise<{port: number, status: 'open'|'closed'|'timeout', service: string}>} A promise that resolves with the port status.
*/
function checkPort(port, host, timeout = 2000) {
// A small map of common ports to their services
const commonPorts = {
21: 'FTP', 22: 'SSH', 23: 'Telnet', 25: 'SMTP', 53: 'DNS', 80: 'HTTP',
110: 'POP3', 143: 'IMAP', 443: 'HTTPS', 445: 'SMB', 993: 'IMAPS',
@@ -296,45 +295,24 @@ function checkPort(port, host, timeout = 2000) {
};
const service = commonPorts[port] || 'Unknown';
return new Promise((resolve, reject) => {
// DEFENSE IN DEPTH: Prevent scanning of private IPs at the function level
if (!isValidIp(host) || isPrivateIp(host)) {
const error = new Error(`Scanning restricted: ${host} is not a valid public IP.`);
logger.warn({ host, port }, "Blocked attempt to scan restricted IP in checkPort");
return resolve({
port,
status: 'error',
service,
error: 'Restricted IP',
details: 'Scanning private or invalid IPs is not allowed.'
});
}
// Validate before any network operation — throw so CodeQL tracks this as a hard barrier
if (!isValidIp(host) || isPrivateIp(host)) {
logger.warn({ host, port }, 'Blocked attempt to scan restricted IP in checkPort');
throw new Error(`Scanning restricted: ${host} is not a valid public IP.`);
}
return new Promise((resolve) => {
const socket = new net.Socket();
socket.setTimeout(timeout);
socket.on('connect', () => {
socket.destroy();
resolve({ port, status: 'open', service });
});
socket.on('timeout', () => {
socket.destroy();
resolve({ port, status: 'timeout', service });
});
socket.on('connect', () => { socket.destroy(); resolve({ port, status: 'open', service }); });
socket.on('timeout', () => { socket.destroy(); resolve({ port, status: 'timeout', service }); });
socket.on('error', (err) => {
socket.destroy();
// 'ECONNREFUSED' is the key for a closed port. Other errors might be network issues.
const status = err.code === 'ECONNREFUSED' ? 'closed' : 'error';
resolve({ port, status, service, error: err.code });
});
// Explicit inline guard (defence-in-depth; also satisfies CodeQL SSRF dataflow)
if (!isValidIp(host) || isPrivateIp(host)) {
socket.destroy();
return resolve({ port, status: 'error', service, error: 'Restricted IP' });
}
socket.connect(port, host);
});
}