diff options
| author | Christian König <ckoenig@posteo.de> | 2022-09-27 00:40:09 +0300 |
|---|---|---|
| committer | Christian König <ckoenig@posteo.de> | 2022-09-27 00:40:09 +0300 |
| commit | 276c480f5001465d994dacf6e30d1e1c2d0a3b0b (patch) | |
| tree | e1dc3c05862603a24a43d0ea45db2c48ea2c065c | |
| parent | 25ba68104b1b9c6300d45920514a06c1cccdb516 (diff) | |
Return default port if non-numeric characters are set in pihole-FTL.conf for FTLPORT. FTL does the same in such case and provide the API on 4711no_port
Signed-off-by: Christian König <ckoenig@posteo.de>
| -rwxr-xr-x | advanced/Scripts/utils.sh | 8 | ||||
| -rw-r--r-- | test/test_any_utils.py | 4 |
2 files changed, 5 insertions, 7 deletions
diff --git a/advanced/Scripts/utils.sh b/advanced/Scripts/utils.sh index ef7ad219..1174fa62 100755 --- a/advanced/Scripts/utils.sh +++ b/advanced/Scripts/utils.sh @@ -82,16 +82,14 @@ getFTLAPIPort(){ if [ -s "$FTLCONFFILE" ]; then # if FTLPORT is not set in pihole-FTL.conf, use the default port ftl_api_port="$({ grep '^FTLPORT=' "${FTLCONFFILE}" || echo "${DEFAULT_FTL_PORT}"; } | cut -d'=' -f2-)" - # Exploit prevention: unset the variable if there is malicious content - # Verify that the value read from the file is numeric - expr "${ftl_api_port}" : "[^[:digit:]]" > /dev/null && unset ftl_api_port + # Exploit prevention: set the port to the default port if there is malicious (non-numeric) + # content set in pihole-FTL.conf + expr "${ftl_api_port}" : "[^[:digit:]]" > /dev/null && ftl_api_port="${DEFAULT_FTL_PORT}" else # if there is no pihole-FTL.conf, use the default port ftl_api_port="${DEFAULT_FTL_PORT}" fi - # If the ftl_api_port contained malicious stuff, substitute with -1 - ftl_api_port=${ftl_api_port:=-1} echo "${ftl_api_port}" } diff --git a/test/test_any_utils.py b/test/test_any_utils.py index 6a1146ee..5b4075d9 100644 --- a/test/test_any_utils.py +++ b/test/test_any_utils.py @@ -92,7 +92,7 @@ def test_getFTLAPIPort_custom(host): def test_getFTLAPIPort_malicious(host): - """Confirms getFTLAPIPort returns -1 if the setting in pihole-FTL.conf contains non-digits""" + """Confirms getFTLAPIPort returns 4711 if the setting in pihole-FTL.conf contains non-digits""" host.run( """ echo "FTLPORT=*$ssdfsd" > /etc/pihole/pihole-FTL.conf @@ -104,7 +104,7 @@ def test_getFTLAPIPort_malicious(host): getFTLAPIPort """ ) - expected_stdout = "-1\n" + expected_stdout = "4711\n" assert expected_stdout == output.stdout |