From 598ba3f33ce42e7d444be392fc8a809082cbab5c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?=
 <stephane.lesimple+bastion@ovhcloud.com>
Date: Fri, 20 Dec 2024 13:30:31 +0000
Subject: [PATCH] fix: deny netblocks for nc, mtr, ping, alive plugins

---
 bin/plugin/open/alive | 5 +++++
 bin/plugin/open/mtr   | 5 +++++
 bin/plugin/open/nc    | 5 +++++
 bin/plugin/open/ping  | 5 +++++
 4 files changed, 20 insertions(+)

diff --git a/bin/plugin/open/alive b/bin/plugin/open/alive
index 32d900c10..a4c3a3f47 100755
--- a/bin/plugin/open/alive
+++ b/bin/plugin/open/alive
@@ -51,6 +51,11 @@ if (not $host) {
     osh_exit 'ERR_MISSING_PARAMETER', "Missing required host parameter";
 }
 
+if ($host =~ m{/}) {
+    help();
+    osh_exit 'ERR_INVALID_PARAMETER', "Please use a single IP, not a netblock";
+}
+
 osh_info "Waiting for $host to be alive...";
 my $startedat = Time::HiRes::gettimeofday();
 my $firstLoop = 1;
diff --git a/bin/plugin/open/mtr b/bin/plugin/open/mtr
index 75c9f2450..b7f0c62fd 100755
--- a/bin/plugin/open/mtr
+++ b/bin/plugin/open/mtr
@@ -42,6 +42,11 @@ if (not $host) {
     osh_exit 'ERR_MISSING_PARAMETER', "Missing required host parameter";
 }
 
+if ($host =~ m{/}) {
+    help();
+    osh_exit 'ERR_INVALID_PARAMETER', "Please use a single IP, not a netblock";
+}
+
 my @command = qw{ mtr --show-ips --aslookup -n };
 push @command, ($report ? '--report' : '--curses');
 push @command, $host;
diff --git a/bin/plugin/open/nc b/bin/plugin/open/nc
index af8435462..faa0cbfe5 100755
--- a/bin/plugin/open/nc
+++ b/bin/plugin/open/nc
@@ -59,6 +59,11 @@ if (!$fnret) {
     osh_exit $fnret;
 }
 
+if ($host =~ m{/}) {
+    help();
+    osh_exit 'ERR_INVALID_PARAMETER', "Please use a single IP, not a netblock";
+}
+
 osh_info "Checking whether TCP port $port of $host is reachable...";
 
 my $Sock = IO::Socket->new(
diff --git a/bin/plugin/open/ping b/bin/plugin/open/ping
index 2a9198d76..00e07281c 100755
--- a/bin/plugin/open/ping
+++ b/bin/plugin/open/ping
@@ -53,6 +53,11 @@ if (not $host) {
     osh_exit 'ERR_MISSING_PARAMETER', "Missing required host parameter";
 }
 
+if ($host =~ m{/}) {
+    help();
+    osh_exit 'ERR_INVALID_PARAMETER', "Please use a single IP, not a netblock";
+}
+
 my @command = qw{ ping };
 if ($count and $count > 0) {
     push @command, ('-c', $count);