-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Video Decoder not sanitizing IP addresses. #325
Comments
Further on this; I'd like you to create this in a new helper class so we can write a test for the method. Place this class in the io package, and create a JUnit class for it aswell: public class NetworkUtil {
public Optional<String> findMatchingSubnetIP(final String subnet, final String ipText) {
...
}
} Given a subnet IP for (final String newAddress: ipAddresses) {
final Optional<String> ip = NetworkUtil.findMatchingSubnetIP(subnet, newAddress);
if (ip.isPresent()) {
eventPublisher.emit(new VideoValueA(ip.get(), config.portA()));
eventPublisher.emit(new VideoValueB(ip.get(), config.portB()));
initialized = true;
break;
}
} |
I am curious about why you suggest using [1-9] in he regex instead of \d. Won't using the former exclude the possibility of the number being zero? The broadcast ip should be constant, so I don't think it would really come up in this case anyway, but ip addresses can contain zeros, so could that throw off a generalized version? |
Yup, good point. As for the difference, see this
I think either are |
Was using the topside software yesterday and noticed that a
"/"
is appended to the front of the IP Address being sent to the Pi Camera's.@krs158 I think you meant to remove a letter from the start of the ip string:
should maybe be:
Using a Regular Expression
A safer way to handle this would be to use a Regular Expression. These are one of the coolest tools you have when it comes to working with strings. With a regular expression you can extract complicated patterns from a string without having to worry about these off by one errors.
You can use the
Pattern
class to come up with a pattern for your address, and match it against that.For example, this is how you can get an IP out of this string
asdasASD/192.168.88.123@!asdasd
What is pattern compile?
This is a Regular Expression to match an IP address. It was created to match the following pattern:
[^1-9]*
is any character that is not1
to9
, and*
means0
or more times[1-9]{1,3}
is a character from1
to9
and{1,3}
means 1 to 3 times repeating\\.
is the literal.
character. (whereas.
without\\
meansany
character)( ... )
means a group. anything in()
is a group and can be extracted from the patternSo in plain english, the long regex is:
Some amount of non numerical characters followed by a group, followed by some amount of non numerical characters. The group is 1-3 numbers
.
1-3 numbers.
1-3 numbers.
1-3 numbersMaking a regex for the subnet
In our case you need to make a regex to match our subnet. That might look something like this:
In the existing code you have a subnet where the
.
characters are not escaped properly192.168.88.
. You can get the pattern tool to do this callingPattern.quote("192.168.88.");
Final result
The text was updated successfully, but these errors were encountered: