From 7d1cf435f750a28e84564735da3a459fe7e938f1 Mon Sep 17 00:00:00 2001
From: Eric Callahan
Date: Mon, 20 Dec 2021 08:37:54 -0500
Subject: [PATCH] authorization: report invalid "trusted_clients"

Add warnings that are reported to clients and logged if an invalid trusted client is detected.

Signed-off-by: Eric Callahan
---
 moonraker/components/authorization.py | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/moonraker/components/authorization.py b/moonraker/components/authorization.py
index 5b482e1..ae85769 100644
--- a/moonraker/components/authorization.py
+++ b/moonraker/components/authorization.py
@@ -141,9 +141,9 @@ class Authorization:
 " permitted in the top level domain.")
 if domain.endswith("/"):
 self.server.add_warning(
- f"Invalid domain '{domain}' in option 'cors_domains', "
- "section [authorization]. Domain's cannot contain a "
- "trailing slash.")
+ f"[authorization]: Invalid domain '{domain}' in option "
+ "'cors_domains'. Domain's cannot contain a trailing "
+ "slash.")
 else:
 self.cors_domains.append(
 domain.replace(".", "\\.").replace("*", ".*"))
@@ -164,13 +164,24 @@ class Authorization:
 # Check ip network
 try:
 tc = ipaddress.ip_network(val)
- except ValueError:
+ except ValueError as e:
+ if "has host bits set" in str(e):
+ self.server.add_warning(
+ f"[authorization]: Invalid CIDR expression '{val}' "
+ "in option 'trusted_clients'")
+ continue
 pass
 else:
 self.trusted_ranges.append(tc)
 continue
 # Check hostname
- self.trusted_domains.append(val.lower())
+ match = re.match(r"([a-z0-9]+(-[a-z0-9]+)*\.?)+[a-z]{2,}$", val)
+ if match is not None:
+ self.trusted_domains.append(val.lower())
+ else:
+ self.server.add_warning(
+ f"[authorization]: Invalid domain name '{val}' "
+ "in option 'trusted_clients'")
 t_clients = "\n".join(
 [str(ip) for ip in self.trusted_ips] +
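Review bot: The hostname check at the end of the second hunk runs `re.match` on the raw `val` while the stored value is `val.lower()`, so unless `val` is lowercased earlier in the loop (outside the hunk) a mixed-case entry such as `Printer.Local` (constructed example) is now dropped from `trusted_clients` with a warning. The pattern also repeats a group whose trailing `\.?` is optional, so the engine can split one run of letters in many ways, and a long entry that fails to match may backtrack for a very long time while the config is parsed. Something like `re.fullmatch(r"(?:[a-z0-9]+(?:-[a-z0-9]+)*\.)*[a-z]{2,}", val.lower())` makes the dot a mandatory label separator and anchors both ends; it accepts a slightly different set of single-label names, so check it against the intended rules. Separately, keying the CIDR warning on the text `"has host bits set"` ties it to the wording of the stdlib exception; retrying with `ipaddress.ip_network(val, strict=False)` inside the `except` branch would detect the same case without reading the message, and the `pass` left after the new `if` is then redundant.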