Validate verification code input before sending it #103

Open
wants to merge 9 commits into
base: main

Commits on Oct 17, 2024

  1. Validate verification code input before sending it

    This makes sure that the verification code only contains characters a-z A-Z
    0-9, and is of limited length.
    
    Otherwise it is possible for a user to cause arbitrary data to be sent to the
    server, including invalid JSON. This could be a problem if the JSON parser on
    the receiving end has bugs.
    
    For example, code input 'A"}BBBBBBBB...' would lead to JSON data
    '{"session_id":"SESSIONID","pin":"A"}BBBBBBBB..."}' to be sent to the server.
    Martin Lambers committed Oct 17, 2024
    6027aa2
  2. Add test for input_is_safe()

    Martin Lambers committed Oct 17, 2024
    813d9df
  3. Activate test for input_is_safe()

    Martin Lambers committed Oct 17, 2024
    4682d85
  4. Fix input_is_safe()

    Hooray for unit tests!
    Martin Lambers committed Oct 17, 2024
    d31762c

Commits on Oct 18, 2024

  1. Handle empty code input

    Martin Lambers committed Oct 18, 2024
    93a7f9f
  2. Check username validity

    Martin Lambers committed Oct 18, 2024
    fc3dfd7
  3. Adapt unit test for new input_is_safe() version

    Martin Lambers committed Oct 18, 2024
    0b91f62
  4. 526b7a4
  5. Handle unavailable RHOST, and check RHOST for validity

    Martin Lambers committed Oct 18, 2024
    9d43607
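
The failure described in the first commit message, shown as an added example that is not code from this pull request or its project: a request body built by pasting the code into a JSON template, next to the same builder guarded by an allow-list check. The function names, the 32-character limit (`MAX_CODE_LEN`), the choice of C and the sample inputs are assumptions made for illustration; only the JSON template and the a-z A-Z 0-9 rule come from the commit message.

```c
#include <stdio.h>
#include <string.h>

#define MAX_CODE_LEN 32  /* assumed limit; the page only says "limited length" */

/* Allow-list check (hypothetical helper): non-empty, at most MAX_CODE_LEN
 * characters, only a-z A-Z 0-9. Explicit ranges are used instead of
 * isalnum(), whose result depends on the locale. */
static int code_is_safe(const char *s)
{
    size_t n = 0;
    if (s == NULL)
        return 0;
    for (; s[n] != '\0'; n++) {
        char c = s[n];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9');
        if (!ok || n >= MAX_CODE_LEN)
            return 0;
    }
    return n > 0;  /* empty input is rejected as well */
}

/* "Before": the input is pasted into the JSON template unchecked. */
static int build_unchecked(char *out, size_t sz, const char *sid, const char *pin)
{
    int n = snprintf(out, sz, "{\"session_id\":\"%s\",\"pin\":\"%s\"}", sid, pin);
    return (n < 0 || (size_t)n >= sz) ? -1 : 0;
}

/* "After": no request body is produced unless the code passes the check. */
static int build_checked(char *out, size_t sz, const char *sid, const char *pin)
{
    if (!code_is_safe(pin))
        return -1;
    return build_unchecked(out, sz, sid, pin);
}

int main(void)
{
    char buf[256];
    const char *inputs[] = { "A\"}BBBBBBBB", "Ab12Cd", "" };  /* constructed */
    for (size_t i = 0; i < 3; i++) {
        if (build_checked(buf, sizeof buf, "SESSIONID", inputs[i]) == 0)
            printf("sent:     %s\n", buf);
        else
            printf("rejected: \"%s\"\n", inputs[i]);
    }
    return 0;
}
```

The check runs before any formatting, so rejected input never reaches the request buffer; the session id is assumed here to be a trusted value and would need the same treatment if it were not.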