From 97e41eece0763490e372c82705e37c1645295b70 Mon Sep 17 00:00:00 2001 From: marko Date: Thu, 3 Oct 2024 16:19:54 +0200 Subject: [PATCH] added input sanitization --- chatbot/chatbot.go | 26 +++++-- chatbot/chatbot_test.go | 149 ++++++++++++++++++++-------------------- main.go | 2 +- ping/ping.go | 21 +++--- 4 files changed, 104 insertions(+), 94 deletions(-) diff --git a/chatbot/chatbot.go b/chatbot/chatbot.go index 1872d9b..eba90ad 100644 --- a/chatbot/chatbot.go +++ b/chatbot/chatbot.go @@ -6,6 +6,7 @@ import ( "regexp" "strings" "time" + "unicode/utf8" "github.com/xmppo/go-xmpp" "gopkg.in/ini.v1" @@ -71,19 +72,30 @@ func (nkbot *NekoUKrovuBot) Listen() { } func (nkbot *NekoUKrovuBot) handleChat(ch *xmpp.Chat) { - src := ch.Remote txt := ch.Text - if src == "sdsads" { + if !nkbot.sanitizeInput(txt) { return } if nkbot.checkForJelNekoUKrovu(txt) { - n := ping.Run() + n := ping.PingLocal255() nkbot.answer(fmt.Sprintf("%v uredjaja povezano", n)) } } +func (nkbot *NekoUKrovuBot) sanitizeInput(input string) bool { + if len(input) > 50 { + return false + } + + if !utf8.ValidString(input) { + return false + } + + return true +} + func (nkbot *NekoUKrovuBot) checkForJelNekoUKrovu(txt string) bool { normalizedText := strings.ToLower(txt) @@ -99,10 +111,10 @@ func (nkbot *NekoUKrovuBot) checkForJelNekoUKrovu(txt string) bool { func (nkbot *NekoUKrovuBot) answer(ans string) { chat := xmpp.Chat{ - Remote: "chatbottest@conference.dmz.rs", - Type: "groupchat", - Text: ans, - Stamp: time.Now(), + Remote: "chatbottest@conference.dmz.rs", + Type: "groupchat", + Text: ans, + Stamp: time.Now(), } n, err := nkbot.cl.Send(chat) diff --git a/chatbot/chatbot_test.go b/chatbot/chatbot_test.go index 28f12b7..df3ed91 100644 --- a/chatbot/chatbot_test.go +++ b/chatbot/chatbot_test.go 
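Review bot: `handleChat` now gates `ping.PingLocal255()` only on message shape, because the placeholder `src` comparison was removed and nothing replaces it; any sender whose message reaches the client and matches the phrase can start what appears to be a subnet ping sweep, as often as they like. `sanitizeInput` validates rather than sanitizes: it bounds what the regex sees, but it is neither an authorization check nor a rate check. I would restore a sender check before the match, e.g. `if ch.Type != "groupchat" || !strings.HasPrefix(ch.Remote, "chatbottest@conference.dmz.rs/") { return }` (assuming `ch.Remote` carries the room JID plus nick, which is worth confirming against go-xmpp), and keep a last-scan timestamp on the bot so repeated triggers within a short window reuse the previous count instead of launching more `ping` processes. Separately, `len(input) > 50` counts bytes, so text with č/ć/š/ž/đ hits the cap well before 50 characters; `utf8.RuneCountInString(input) > 50` placed after the `ValidString` check matches the apparent intent. The commit adds no test for `sanitizeInput` in chatbot_test.go, so the byte-versus-rune boundary and the invalid-UTF-8 rejection are unpinned.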
@@ -9,85 +9,84 @@ func TestNekoUKrovuBot_checkForJelNekoUKrovu(t *testing.T) { txt string } tests := []struct { - name string - args args - want bool + name string + args args + want bool }{ - { - name: "matches 'jel neko u krovu'", - args: args{ - txt: "jel neko u krovu", - }, - want: true, - }, - { - name: "matches 'ima li koga na krovu'", - args: args{ - txt: "ima li koga na krovu", - }, - want: true, - }, - { - name: "does not match 'nema nikoga'", - args: args{ - txt: "nema nikoga", - }, - want: false, - }, - { - name: "matches 'koga ima na krovu'", - args: args{ - txt: "koga ima na krovu", - }, - want: true, - }, - { - name: "matches 'neko u krov'", - args: args{ - txt: "neko u krov", - }, - want: true, - }, - { - name: "case insensitive match 'EL NEKO krov'", - args: args{ - txt: "EL NEKO krov", - }, - want: true, - }, - { - name: "case insensitive match 'jel neko jebeno u krovu'", - args: args{ - txt: "jel neko jebeno u krovu", - }, - want: true, - }, - { - name: "case insensitive match 'buraz jel neko jebeno u krovu'", - args: args{ - txt: "buraz jel neko jebeno u krovu", - }, - want: true, - }, - { - name: "case insensitive match 'neko u krovu?'", - args: args{ - txt: "neko u krovu?", - }, - want: true, - }, - { - name: "case insensitive match 'u krovu?'", - args: args{ - txt: "u krovu?", - }, - want: false, - }, + { + name: "matches 'jel neko u krovu'", + args: args{ + txt: "jel neko u krovu", + }, + want: true, + }, + { + name: "matches 'ima li koga na krovu'", + args: args{ + txt: "ima li koga na krovu", + }, + want: true, + }, + { + name: "does not match 'nema nikoga'", + args: args{ + txt: "nema nikoga", + }, + want: false, + }, + { + name: "matches 'koga ima na krovu'", + args: args{ + txt: "koga ima na krovu", + }, + want: true, + }, + { + name: "matches 'neko u krov'", + args: args{ + txt: "neko u krov", + }, + want: true, + }, + { + name: "case insensitive match 'EL NEKO krov'", + args: args{ + txt: "EL NEKO krov", + }, + want: true, + }, + { + 
name: "case insensitive match 'jel neko jebeno u krovu'", + args: args{ + txt: "jel neko jebeno u krovu", + }, + want: true, + }, + { + name: "case insensitive match 'buraz jel neko jebeno u krovu'", + args: args{ + txt: "buraz jel neko jebeno u krovu", + }, + want: true, + }, + { + name: "case insensitive match 'neko u krovu?'", + args: args{ + txt: "neko u krovu?", + }, + want: true, + }, + { + name: "case insensitive match 'u krovu?'", + args: args{ + txt: "u krovu?", + }, + want: false, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - nkbot := &NekoUKrovuBot{ - } + nkbot := &NekoUKrovuBot{} if got := nkbot.checkForJelNekoUKrovu(tt.args.txt); got != tt.want { t.Errorf("NekoUKrovuBot.checkForJelNekoUKrovu() = %v, want %v", got, tt.want) } diff --git a/main.go b/main.go index bb31b7c..ee62e56 100644 --- a/main.go +++ b/main.go @@ -1,8 +1,8 @@ package main import ( - "log" "gitea.dmz.rs/bauljamic123arlijam/neko-u-krovu-bot/chatbot" + "log" ) func main() { diff --git a/ping/ping.go b/ping/ping.go index 5df9879..fdd5d91 100644 --- a/ping/ping.go +++ b/ping/ping.go @@ -7,7 +7,7 @@ import ( "sync" ) -func Run() int { +func PingLocal255() int { localIP, err := getLocalIP() if err != nil { fmt.Println("Error getting local IP:", err) @@ -15,7 +15,7 @@ func Run() int { } network := getNetworkPrefix(localIP) - + var wg sync.WaitGroup deviceCount := 0 mu := &sync.Mutex{} @@ -56,13 +56,12 @@ func getNetworkPrefix(ip net.IP) string { return fmt.Sprintf("%d.%d.%d.0", ip[0], ip[1], ip[2]) } - func ping(ip string) bool { - output, err := exec.Command("ping", "-c", "1", "-W", "1", ip).CombinedOutput() - - if err != nil { - return false - } - _ = output - return true -} \ No newline at end of file + output, err := exec.Command("ping", "-c", "1", "-W", "1", ip).CombinedOutput() + + if err != nil { + return false + } + _ = output + return true +}