add vpn cli checks

2021-03-24 21:24:27 +00:00 · 2021-03-24 21:24:27 +00:00 · f52f85bf83
commit f52f85bf83
parent aa7e3b6cb6
3 changed files with 21 additions and 3 deletions
--- a/cli/vpn.go
+++ b/cli/vpn.go
@ -5,6 +5,7 @@ import (
 	"io/ioutil"
 	"net"
 	"os"
+	"regexp"
 	"strings"

 	"github.com/golang/glog"
@ -19,6 +20,11 @@ const (
 	vpnLastIPConfFileRelative  = "/modules/kubernetes/wireguard/extra/last_ip.txt"
 )

+var (
+	allowedClientName = regexp.MustCompile(`^[a-zA-Z0-9 ]+$`)
+	allowedPubKey     = regexp.MustCompile(`^[a-zA-Z0-9=]$`)
+)
+
 // addVPNClient inserts new client config
 func addVPNClient(gitFs *GitFS, clientName, publicKey, clientsConfPath, ip string) error {
 	if clientName == "" {
@ -27,6 +33,13 @@ func addVPNClient(gitFs *GitFS, clientName, publicKey, clientsConfPath, ip strin
 	if publicKey == "" {
 		return fmt.Errorf("public key cannot be empty when creating new vpn config")
 	}
+	if !allowedClientName.Match([]byte(clientName)) {
+		return fmt.Errorf("client key must match '%s', got %s", allowedClientName.String(), clientName)
+	}
+	if !allowedPubKey.Match([]byte(publicKey)) {
+		return fmt.Errorf("client public key must match '%s', got '%s'", allowedPubKey.String(), publicKey)
+	}
+
 	contents := "[Peer]\n# friendly_name = " + clientName + "\nPublicKey = " + publicKey + "\nAllowedIPs = " + ip + "\n\n"
 	glog.Infof("adding the following config: \n%s", contents)
 	f, err := (*gitFs.fs).OpenFile(clientsConfPath, os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0644)