MrUnknownDE/utools
1
0
Fork 0
mirror of https://github.com/MrUnknownDE/utools.git synced 2026-04-18 21:53:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix CodeQL-Alerts

Browse Source
This commit is contained in:
MrUnknownDE
2026-03-05 19:32:01 +01:00
parent b3c7a7bef3
commit d119ecf4a2
2 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
backend/utils.js
View File

@@ -330,6 +330,11 @@ function checkPort(port, host, timeout = 2000) {
resolve({ port, status, service, error: err.code }); resolve({ port, status, service, error: err.code });
}); });
// Explicit inline guard (defence-in-depth; also satisfies CodeQL SSRF dataflow)
if (!isValidIp(host) || isPrivateIp(host)) {
socket.destroy();
return resolve({ port, status: 'error', service, error: 'Restricted IP' });
}
socket.connect(port, host); socket.connect(port, host);
}); });
} }

6
frontend/app/script.js
View File

@@ -441,7 +441,7 @@ document.addEventListener('DOMContentLoaded', () => {
throw new Error(data.error || `Network response: ${response.statusText} (${response.status})`); throw new Error(data.error || `Network response: ${response.statusText} (${response.status})`);
} }
console.log(`Received Lookup Info for ${ipToLookup}:`, data); console.log('Received Lookup Info for', ipToLookup, ':', data);
currentLookupIp = data.ip; // Store the IP that was actually looked up currentLookupIp = data.ip; // Store the IP that was actually looked up
updateField(lookupIpAddressEl, data.ip); // Display the looked-up IP updateField(lookupIpAddressEl, data.ip); // Display the looked-up IP
@@ -464,7 +464,7 @@ document.addEventListener('DOMContentLoaded', () => {
if (lookupScanButton) lookupScanButton.disabled = false; if (lookupScanButton) lookupScanButton.disabled = false;
} catch (error) { } catch (error) {
console.error(`Failed to fetch lookup info for ${ipToLookup}:`, error); console.error('Failed to fetch lookup info for', ipToLookup, ':', error);
showLookupError(`Lookup failed: ${error.message}`); showLookupError(`Lookup failed: ${error.message}`);
if (lookupMapMessageEl) { if (lookupMapMessageEl) {
lookupMapMessageEl.textContent = 'Map could not be loaded due to an error.'; lookupMapMessageEl.textContent = 'Map could not be loaded due to an error.';
@@ -512,7 +512,7 @@ document.addEventListener('DOMContentLoaded', () => {
throw new Error(data.error || 'No A or AAAA records found.'); throw new Error(data.error || 'No A or AAAA records found.');
} catch (error) { } catch (error) {
console.error(`DNS resolution failed for ${domain}:`, error); console.error('DNS resolution failed for', domain, ':', error);
throw new Error(`Could not resolve domain: ${error.message}`); throw new Error(`Could not resolve domain: ${error.message}`);
} }
} }