From f464356bf7d16a12029318ed8483ca993271b289 Mon Sep 17 00:00:00 2001 From: Tom Kirkpatrick Date: Mon, 17 Sep 2018 08:45:40 +0200 Subject: [PATCH] fix(validation): improve hostname/ip validation Do not assume that an address that starts with a number is an IP address and expand validation to cover all FQDNs and IP addresses. Fix #766 --- app/lib/lnd/util.js | 3 ++- test/unit/__mocks__/dns.js | 13 +++++++++++++ test/unit/lnd/util.spec.js | 19 +++++++++++++++++++ 3 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 test/unit/__mocks__/dns.js create mode 100644 test/unit/lnd/util.spec.js diff --git a/app/lib/lnd/util.js b/app/lib/lnd/util.js index f08616c7..50ddfe2e 100644 --- a/app/lib/lnd/util.js +++ b/app/lib/lnd/util.js @@ -7,6 +7,7 @@ import { platform } from 'os' import { app } from 'electron' import isDev from 'electron-is-dev' import grpc from 'grpc' +import isFQDN from 'validator/lib/isFQDN' import isIP from 'validator/lib/isIP' import isPort from 'validator/lib/isPort' import get from 'lodash.get' @@ -117,7 +118,7 @@ export const validateHost = async host => { const lndPort = splits[1] // If the hostname starts with a number, ensure that it is a valid IP address. - if (lndHost.match(/^\d/) && !isIP(lndHost)) { + if (!isFQDN(lndHost, { require_tld: false }) && !isIP(lndHost)) { const error = new Error(`${lndHost} is not a valid IP address or hostname`) error.code = 'LND_GRPC_HOST_ERROR' return Promise.reject(error) diff --git a/test/unit/__mocks__/dns.js b/test/unit/__mocks__/dns.js new file mode 100644 index 00000000..607d0ba6 --- /dev/null +++ b/test/unit/__mocks__/dns.js @@ -0,0 +1,13 @@ +const dns = jest.genMockFromModule('dns') + +function lookup(hostname, options, callback = jest.fn()) { + let cb = callback + if (typeof options === 'function') { + cb = options + } + process.nextTick(cb, null, hostname) +} + +dns.lookup = lookup + +module.exports = dns diff --git a/test/unit/lnd/util.spec.js b/test/unit/lnd/util.spec.js new file mode 100644 index 00000000..9fd05636 --- /dev/null +++ b/test/unit/lnd/util.spec.js @@ -0,0 +1,19 @@ +import { validateHost } from 'lib/lnd/util' + +jest.mock('dns') + +describe('Util', function() { + describe('validateHost', () => { + it('should resolve true for valid hostnames', async () => { + await expect(validateHost('example.com')).resolves.toBeTruthy() + await expect(validateHost('localhost')).resolves.toBeTruthy() + await expect(validateHost('192.168.0.1')).resolves.toBeTruthy() + await expect(validateHost('11.111.11.111.rdns.example.com')).resolves.toBeTruthy() + }) + it('should reject for invalid hostnames', async () => { + await expect(validateHost('1+-000invlidhost')).rejects.toThrowErrorMatchingInlineSnapshot( + `"1+-000invlidhost is not a valid IP address or hostname"` + ) + }) + }) +})