Skip to content

πŸ›‘οΈ Sentinel: [HIGH] Fix Log Injection / CRLF Injection via IPv6 Scope ID #42

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ManupaKDU merged 1 commit into from
Apr 5, 2026
Merged

πŸ›‘οΈ Sentinel: [HIGH] Fix Log Injection / CRLF Injection via IPv6 Scope ID #42

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 13 additions & 0 deletions test_testping1.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,19 @@ def test_is_reachable_prevents_log_injection(self, mock_call):
self.assertIn(r"Invalid timeout value: '1\nERROR:root:System Compromised'", log.output[0])
self.assertNotIn("\nERROR:root:System Compromised", log.output[0])

@patch('testping1.subprocess.call')
def test_is_reachable_ssrf_log_injection(self, mock_call):
"""Test is_reachable escapes log injection in the SSRF block using an IPv6 scope ID."""
# IPv6 permits a scope ID which can bypass validation if it contains a newline.
# This tests that the original `ip` string is escaped when logged by the SSRF filter.
malicious_ip = "fe80::1%eth0\nERROR:root:System Compromised"

with self.assertLogs(level='ERROR') as log:
self.assertFalse(is_reachable(malicious_ip))
self.assertIn(r"IP address not allowed for scanning: 'fe80::1%eth0\nERROR:root:System Compromised'", log.output[0])
self.assertNotIn("\nERROR:root:System Compromised", log.output[0])
mock_call.assert_not_called()

@patch('testping1.subprocess.call')
def test_is_reachable_subprocess_timeout(self, mock_call):
"""Test is_reachable handles subprocess.TimeoutExpired securely."""
Expand Down
5 changes: 4 additions & 1 deletion testping1.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,10 @@ def is_reachable(ip, timeout=1):
# Block loopback, link-local, multicast, unspecified, and reserved addresses from being pinged.
# reserved addresses include the broadcast address (255.255.255.255)
if ip_obj.is_loopback or ip_obj.is_link_local or ip_obj.is_multicast or ip_obj.is_unspecified or ip_obj.is_reserved:
logging.error(f"IP address not allowed for scanning: {ip}")
# πŸ›‘οΈ Sentinel: Sanitize log input using repr() to prevent CRLF/Log Injection
# IPv6 addresses can contain an arbitrary scope ID (e.g., %eth0\r\n) which is
# not sanitized by ipaddress.ip_address() and could allow log spoofing.
logging.error(f"IP address not allowed for scanning: {repr(ip)}")
return False

# πŸ›‘οΈ Sentinel: Validate timeout length to prevent CPU exhaustion (DoS)
Expand Down
Loading