Browse Source

fix shell injection through ipv4, ipv6 address

Co-authored-by: 7megaumka7 <[email protected]>
pull/2669/head
Bernd Storath 3 weeks ago
parent
commit
9814b0491d
  1. 7
      src/server/database/repositories/client/types.ts

7
src/server/database/repositories/client/types.ts

@ -1,6 +1,7 @@
import type { InferSelectModel } from 'drizzle-orm';
import z from 'zod';
import { isIPv4, isIPv6 } from 'is-ip';
import type { client } from './schema';
export type ClientType = InferSelectModel<typeof client>;
@ -34,13 +35,15 @@ const address4 = z
.string({ message: t('zod.client.address4') })
.min(1, { message: t('zod.client.address4') })
.pipe(safeStringRefine)
.pipe(controlStringRefine);
.pipe(controlStringRefine)
.refine((v) => isIPv4(v));
const address6 = z
.string({ message: t('zod.client.address6') })
.min(1, { message: t('zod.client.address6') })
.pipe(safeStringRefine)
.pipe(controlStringRefine);
.pipe(controlStringRefine)
.refine((v) => isIPv6(v));
const filter = z.string().pipe(safeStringRefine).optional();

Loading…
Cancel
Save