Reject AS path regex containing ; and ".
An AS path regex will be considered as invalid if any of the ; and "
characters are used. These characters could be used to inject arbitrary
commands due to the router command line interpretation.

This is a temporary fix for issue #13 while waiting for something better.
gmazoyer committed Feb 18, 2016
1 parent 5ffb6df commit 308173b
Showing 2 changed files with 13 additions and 1 deletion.
2 changes: 1 addition & 1 deletion includes/config.defaults.php
Expand Up @@ -122,7 +122,7 @@
'as-path-regex' => array(
'command' => 'show route as-path-regex AS_PATH_REGEX',
'description' => 'Show the routes matching the given AS path regular expression.',
'parameter' => 'The parameter must be a valid AS path regular expression.<br />Please note that these expression can change depending on the router and its software.<br /><br />Here are some examples:<ul><li><strong>Juniper</strong> - ^AS1 AS2 .*$</li><li><strong>Cisco</strong> - ^AS1_</li><li><strong>BIRD</strong> - AS1 AS2 AS3 &hellip; ASZ</li></ul><br />You may find some help with the following link:<br /><ul><li><a href="http://www.juniper.net/techpubs/en_US/junos13.3/topics/reference/command-summary/show-route-aspath-regex.html" title="Juniper Documentation">Juniper Documentation</a></li><li><a href="http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/26634-bgp-toc.html#asregexp" title="Cisco Documentation">Cisco Documentation</a></li><li><a href="http://bird.network.cz/?get_doc&f=bird-5.html" title="BIRD Documentation">BIRD Documentation</a> (search for bgpmask)</li></ul>'
'parameter' => 'The parameter must be a valid AS path regular expression and must not contain any " characters (the input will be automatically quoted if needed).<br />Please note that these expressions can change depending on the router and its software.<br /><br />Here are some examples:<ul><li><strong>Juniper</strong> - ^AS1 AS2 .*$</li><li><strong>Cisco</strong> - ^AS1_</li><li><strong>BIRD</strong> - AS1 AS2 AS3 &hellip; ASZ</li></ul><br />You may find some help with the following link:<br /><ul><li><a href="http://www.juniper.net/techpubs/en_US/junos13.3/topics/reference/command-summary/show-route-aspath-regex.html" title="Juniper Documentation">Juniper Documentation</a></li><li><a href="http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/26634-bgp-toc.html#asregexp" title="Cisco Documentation">Cisco Documentation</a></li><li><a href="http://bird.network.cz/?get_doc&f=bird-5.html" title="BIRD Documentation">BIRD Documentation</a> (search for bgpmask)</li></ul>'
),
// Documentation for the 'as' query
'as' => array(
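
Review bot: the new 'parameter' help text for 'as-path-regex' tells users only that " is forbidden, while match_aspath_regex() in includes/utils.php also rejects ;. A user who submits a regex containing ; gets a rejection that the documentation does not explain. Suggest wording along the lines of 'must not contain any ; or " characters' so the help text and the validation agree.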
12 changes: 12 additions & 0 deletions includes/utils.php
Expand Up @@ -209,10 +209,22 @@ function match_as($as) {
}

function match_aspath_regex($aspath_regex) {
// Empty AS path regex
if (empty($aspath_regex)) {
return false;
}

// AS path containing a ; (not a valid character)
if (strpos($aspath_regex, ';') !== false) {
return false;
}

// AS path containing a " (not a valid character, the string is automatically
// quoted if needed)
if (strpos($aspath_regex, '"') !== false) {
return false;
}

// TODO: validate a regex with a regex?
return true;
}
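
Review bot: match_aspath_regex() is a two-character denylist, so any input without ; or " still returns true and is passed on to the router command line; the commit message and the remaining TODO both acknowledge this is temporary. Suggest replacing the two strpos() checks with an allowlist of the characters an AS path regex legitimately needs (digits, spaces and the regex operators used in the Juniper, Cisco and BIRD examples in the help text), which would resolve the TODO and also reject control characters such as line breaks. Separately, empty($aspath_regex) is true for the string "0" in PHP, so a comparison against '' would express the empty check more precisely.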