Sanitize input #805

This commit is contained in:
jokob-sk
2024-09-26 07:21:58 +10:00
parent 2fec3b6607
commit 6233f4d646
2 changed files with 21 additions and 15 deletions


@@ -4,7 +4,7 @@ import subprocess
import conf import conf
import os import os
import re import re
from helper import timeNowTZ, get_setting, get_setting_value, list_to_where, resolve_device_name_dig, resolve_device_name_pholus, get_device_name_nbtlookup, get_device_name_nslookup, check_IP_format from helper import timeNowTZ, get_setting, get_setting_value, list_to_where, resolve_device_name_dig, resolve_device_name_pholus, get_device_name_nbtlookup, get_device_name_nslookup, check_IP_format, sanitize_SQL_input
from logger import mylog, print_log from logger import mylog, print_log
from const import vendorsPath, vendorsPathNewest, sql_generateGuid from const import vendorsPath, vendorsPathNewest, sql_generateGuid
@@ -192,12 +192,12 @@ def create_new_devices (db):
{get_setting_value('NEWDEV_dev_NewDevice')}, {get_setting_value('NEWDEV_dev_NewDevice')},
{get_setting_value('NEWDEV_dev_SkipRepeated')}, {get_setting_value('NEWDEV_dev_SkipRepeated')},
{get_setting_value('NEWDEV_dev_ScanCycle')}, {get_setting_value('NEWDEV_dev_ScanCycle')},
'{get_setting_value('NEWDEV_dev_Owner')}', '{sanitize_SQL_input(get_setting_value('NEWDEV_dev_Owner'))}',
{get_setting_value('NEWDEV_dev_Favorite')}, {get_setting_value('NEWDEV_dev_Favorite')},
'{get_setting_value('NEWDEV_dev_Group')}', '{sanitize_SQL_input(get_setting_value('NEWDEV_dev_Group'))}',
'{get_setting_value('NEWDEV_dev_Comments')}', '{sanitize_SQL_input(get_setting_value('NEWDEV_dev_Comments'))}',
{get_setting_value('NEWDEV_dev_LogEvents')}, {get_setting_value('NEWDEV_dev_LogEvents')},
'{get_setting_value('NEWDEV_dev_Location')}'""" '{sanitize_SQL_input(get_setting_value('NEWDEV_dev_Location'))}'"""
# Fetch data from CurrentScan # Fetch data from CurrentScan
current_scan_data = sql.execute("SELECT cur_MAC, cur_Name, cur_Vendor, cur_IP, cur_SyncHubNodeName, cur_NetworkNodeMAC, cur_PORT, cur_NetworkSite, cur_SSID, cur_Type FROM CurrentScan").fetchall() current_scan_data = sql.execute("SELECT cur_MAC, cur_Name, cur_Vendor, cur_IP, cur_SyncHubNodeName, cur_NetworkNodeMAC, cur_PORT, cur_NetworkSite, cur_SSID, cur_Type FROM CurrentScan").fetchall()
@@ -232,19 +232,19 @@ def create_new_devices (db):
) )
VALUES VALUES
( (
'{cur_MAC}', '{sanitize_SQL_input(cur_MAC)}',
'{cur_Name}', '{sanitize_SQL_input(cur_Name)}',
'{cur_Vendor}', '{sanitize_SQL_input(cur_Vendor)}',
'{cur_IP}', '{sanitize_SQL_input(cur_IP)}',
?, ?,
?, ?,
'{cur_SyncHubNodeName}', '{sanitize_SQL_input(cur_SyncHubNodeName)}',
{sql_generateGuid}, {sql_generateGuid},
'{cur_NetworkNodeMAC}', '{sanitize_SQL_input(cur_NetworkNodeMAC)}',
'{cur_PORT}', '{sanitize_SQL_input(cur_PORT)}',
'{cur_NetworkSite}', '{sanitize_SQL_input(cur_NetworkSite)}',
'{cur_SSID}', '{sanitize_SQL_input(cur_SSID)}',
'{cur_Type}', '{sanitize_SQL_input(cur_Type)}',
{newDevDefaults} {newDevDefaults}
)""" )"""
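Review bot: The scan values are still spliced into the SQL text after the change; wrapping them in `sanitize_SQL_input` only swaps single quotes for underscores, which silently corrupts legitimate data (a device name containing an apostrophe is stored with `_`) and does not make the statement safe against other content in `cur_Name`, `cur_Vendor`, `cur_SSID` and the rest. The same INSERT already passes two values through `?` placeholders, so `sql.execute` supports parameter binding here; the text columns should be bound the same way instead of formatted in. The same point applies to the `newDevDefaults` f-string in the earlier hunk (`NEWDEV_dev_Owner`, `NEWDEV_dev_Group`, `NEWDEV_dev_Comments`, `NEWDEV_dev_Location`), which is itself embedded into this statement. The `sql.execute(...)` call that binds the tuple is outside this hunk, so its parameter list has to grow in the same positional order as the placeholders below.
```python
                    VALUES
                    (
                        ?,   # cur_MAC
                        ?,   # cur_Name
                        ?,   # cur_Vendor
                        ?,   # cur_IP
                        ?,
                        ?,
                        ?,   # cur_SyncHubNodeName
                        {sql_generateGuid},
                        ?,   # cur_NetworkNodeMAC
                        ?,   # cur_PORT
                        ?,   # cur_NetworkSite
                        ?,   # cur_SSID
                        ?,   # cur_Type
                        {newDevDefaults}
                    )"""
# … unchanged: the execute call (outside this hunk) — extend its bound-parameter tuple
# with cur_MAC, cur_Name, cur_Vendor, cur_IP, cur_SyncHubNodeName, cur_NetworkNodeMAC,
# cur_PORT, cur_NetworkSite, cur_SSID, cur_Type, keeping the order of the placeholders.
```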


@@ -806,6 +806,12 @@ def sanitize_string(input):
return input return input
#-------------------------------------------------------------------------------
def sanitize_SQL_input(val):
val = val.replace("'", '_')
return val
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
def generate_mac_links (html, deviceUrl): def generate_mac_links (html, deviceUrl):
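Review bot: `sanitize_SQL_input` calls `val.replace` unconditionally, so any caller that passes a non-string (the `cur_PORT` column in the other changed file looks numeric, and `get_setting_value` may return `None` for an unset key — both inferred, not visible here) raises `AttributeError` instead of inserting the row. A guard such as `if val is None: return ''` followed by `return str(val).replace("'", '_')` keeps the helper total over its inputs. The helper also has no docstring; it should state that it is a lossy quote-stripper for values that are still interpolated into SQL text, that it changes the stored value, and that bound `?` parameters are the intended mechanism where the statement allows them, so that nobody reads it as a general escaping function. `generate_mac_links` on the last line continues outside the hunk.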