More security in TLV analysis

2021-01-01 18:41:01 +01:00 · 2021-01-01 18:41:01 +01:00 · 88ab6f5c76
parent b70fbc75d1
commit 88ab6f5c76
1 changed files with 6 additions and 2 deletions
--- a/squinnondation/messages.py
+++ b/squinnondation/messages.py
@ -120,7 +120,7 @@ class PadNTLV(TLV):

    def handle(self, squirrel: Any, sender: Any) -> None:
        # TODO Add some easter eggs
-        squirrel.add_system_message(f"I received {self.length} zeros, am I so a bag guy ? :cold_sweat:")
+        squirrel.add_system_message(f"I received {self.length} zeros, am I so a bad guy ? :cold_sweat:")

    @staticmethod
    def construct(length: int) -> "PadNTLV":
@ -201,6 +201,11 @@ class NeighbourTLV(TLV):
    ip_address: IPv6Address
    port: int

+    def validate_data(self) -> bool:
+        if not (1 <= self.port <= 65535):
+            raise ValueError(f"Invalid port received in NeighbourTLV: {self.port}")
+        return True
+
    def unmarshal(self, raw_data: bytes) -> None:
        self.type = raw_data[0]
        self.length = raw_data[1]
@ -259,7 +264,6 @@ class DataTLV(TLV):
    def handle(self, squirrel: Any, sender: Any) -> None:
        """
        A message has been sent. We log it.
-        TODO: Check that the tuple (sender_id, nonce) is unique to avoid duplicates.
        """
        msg = self.data.decode('UTF-8')