feat: add hostname and IP validation in DnsMonitorUtil

2026-04-06 00:32:12 +02:00 · 2026-02-22 09:15:56 +00:00
parent b23236e85f
commit d75e7f8d10
1 changed files with 35 additions and 0 deletions
--- a/Probe/Utils/Monitors/MonitorTypes/DnsMonitor.ts
+++ b/Probe/Utils/Monitors/MonitorTypes/DnsMonitor.ts
@@ -278,11 +278,46 @@ export default class DnsMonitorUtil {
    return records;
  }

+  private static isValidHostnameOrIP(value: string): boolean {
+    if (!value || value.length === 0 || value.length > 253) {
+      return false;
+    }
+
+    // IPv4
+    const ipv4Pattern: RegExp = /^(\d{1,3}\.){3}\d{1,3}$/;
+    // IPv6 (simplified)
+    const ipv6Pattern: RegExp =
+      /^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$|^::$|^([0-9a-fA-F]{1,4}:)*:([0-9a-fA-F]{1,4}:)*[0-9a-fA-F]{1,4}$/;
+
+    if (ipv4Pattern.test(value) || ipv6Pattern.test(value)) {
+      return true;
+    }
+
+    // Hostname: only alphanumeric, hyphens, and dots allowed
+    const hostnamePattern: RegExp =
+      /^[a-zA-Z0-9]([a-zA-Z0-9\-.]*[a-zA-Z0-9])?$/;
+    return hostnamePattern.test(value);
+  }
+
  private static async checkDnssec(
    queryName: string,
    recordType: DnsRecordType,
    dnsServer?: string | undefined,
  ): Promise<boolean | undefined> {
+    // Validate queryName to prevent argument injection
+    if (!this.isValidHostnameOrIP(queryName)) {
+      throw new Error(
+        `Invalid query name: ${queryName}. Must be a valid hostname or IP address.`,
+      );
+    }
+
+    // Validate dnsServer if provided
+    if (dnsServer && !this.isValidHostnameOrIP(dnsServer)) {
+      throw new Error(
+        `Invalid DNS server: ${dnsServer}. Must be a valid hostname or IP address.`,
+      );
+    }
+
    return new Promise((resolve: (value: boolean | undefined) => void) => {
      const args: Array<string> = ["+dnssec", queryName, recordType];