client: commands: protection against IRC command injection

StalkR 2013-03-06 22:46:10 +01:00
parent 9d069586a7
commit 45ecc205ff
1 changed files with 23 additions and 16 deletions


@ -9,23 +9,30 @@ import "strings"
// the symbol table and add methods/functions on the fly // the symbol table and add methods/functions on the fly
// [ CMD, FMT, FMTARGS ] etc. // [ CMD, FMT, FMTARGS ] etc.
// safe removes CR/LF to avoid IRC command injection.
func safe(s string) string {
s = strings.Replace(s, "\r", "", -1)
s = strings.Replace(s, "\n", "", -1)
return s
}
// Raw() sends a raw line to the server, should really only be used for // Raw() sends a raw line to the server, should really only be used for
// debugging purposes but may well come in handy. // debugging purposes but may well come in handy.
func (conn *Conn) Raw(rawline string) { conn.out <- rawline } func (conn *Conn) Raw(rawline string) { conn.out <- rawline }
// Pass() sends a PASS command to the server // Pass() sends a PASS command to the server
func (conn *Conn) Pass(password string) { conn.out <- "PASS " + password } func (conn *Conn) Pass(password string) { conn.out <- safe("PASS " + password) }
// Nick() sends a NICK command to the server // Nick() sends a NICK command to the server
func (conn *Conn) Nick(nick string) { conn.out <- "NICK " + nick } func (conn *Conn) Nick(nick string) { conn.out <- safe("NICK " + nick) }
// User() sends a USER command to the server // User() sends a USER command to the server
func (conn *Conn) User(ident, name string) { func (conn *Conn) User(ident, name string) {
conn.out <- "USER " + ident + " 12 * :" + name conn.out <- safe("USER " + ident + " 12 * :" + name)
} }
// Join() sends a JOIN command to the server // Join() sends a JOIN command to the server
func (conn *Conn) Join(channel string) { conn.out <- "JOIN " + channel } func (conn *Conn) Join(channel string) { conn.out <- safe("JOIN " + channel) }
// Part() sends a PART command to the server with an optional part message // Part() sends a PART command to the server with an optional part message
func (conn *Conn) Part(channel string, message ...string) { func (conn *Conn) Part(channel string, message ...string) {
@ -33,7 +40,7 @@ func (conn *Conn) Part(channel string, message ...string) {
if msg != "" { if msg != "" {
msg = " :" + msg msg = " :" + msg
} }
conn.out <- "PART " + channel + msg conn.out <- safe("PART " + channel + msg)
} }
// Kick() sends a KICK command to remove a nick from a channel // Kick() sends a KICK command to remove a nick from a channel
@ -42,7 +49,7 @@ func (conn *Conn) Kick(channel, nick string, message ...string) {
if msg != "" { if msg != "" {
msg = " :" + msg msg = " :" + msg
} }
conn.out <- "KICK " + channel + " " + nick + msg conn.out <- safe("KICK " + channel + " " + nick + msg)
} }
// Quit() sends a QUIT command to the server with an optional quit message // Quit() sends a QUIT command to the server with an optional quit message
@ -51,20 +58,20 @@ func (conn *Conn) Quit(message ...string) {
if msg == "" { if msg == "" {
msg = conn.cfg.QuitMessage msg = conn.cfg.QuitMessage
} }
conn.out <- "QUIT :" + msg conn.out <- safe("QUIT :" + msg)
} }
// Whois() sends a WHOIS command to the server // Whois() sends a WHOIS command to the server
func (conn *Conn) Whois(nick string) { conn.out <- "WHOIS " + nick } func (conn *Conn) Whois(nick string) { conn.out <- safe("WHOIS " + nick) }
//Who() sends a WHO command to the server //Who() sends a WHO command to the server
func (conn *Conn) Who(nick string) { conn.out <- "WHO " + nick } func (conn *Conn) Who(nick string) { conn.out <- safe("WHO " + nick) }
// Privmsg() sends a PRIVMSG to the target t // Privmsg() sends a PRIVMSG to the target t
func (conn *Conn) Privmsg(t, msg string) { conn.out <- "PRIVMSG " + t + " :" + msg } func (conn *Conn) Privmsg(t, msg string) { conn.out <- safe("PRIVMSG " + t + " :" + msg) }
// Notice() sends a NOTICE to the target t // Notice() sends a NOTICE to the target t
func (conn *Conn) Notice(t, msg string) { conn.out <- "NOTICE " + t + " :" + msg } func (conn *Conn) Notice(t, msg string) { conn.out <- safe("NOTICE " + t + " :" + msg) }
// Ctcp() sends a (generic) CTCP message to the target t // Ctcp() sends a (generic) CTCP message to the target t
// with an optional argument // with an optional argument
@ -100,7 +107,7 @@ func (conn *Conn) Topic(channel string, topic ...string) {
if t != "" { if t != "" {
t = " :" + t t = " :" + t
} }
conn.out <- "TOPIC " + channel + t conn.out <- safe("TOPIC " + channel + t)
} }
// Mode() sends a MODE command to the server. This one can get complicated if // Mode() sends a MODE command to the server. This one can get complicated if
@ -115,7 +122,7 @@ func (conn *Conn) Mode(t string, modestring ...string) {
if mode != "" { if mode != "" {
mode = " " + mode mode = " " + mode
} }
conn.out <- "MODE " + t + mode conn.out <- safe("MODE " + t + mode)
} }
// Away() sends an AWAY command to the server // Away() sends an AWAY command to the server
@ -126,15 +133,15 @@ func (conn *Conn) Away(message ...string) {
if msg != "" { if msg != "" {
msg = " :" + msg msg = " :" + msg
} }
conn.out <- "AWAY" + msg conn.out <- safe("AWAY" + msg)
} }
// Invite() sends an INVITE command to the server // Invite() sends an INVITE command to the server
func (conn *Conn) Invite(nick, channel string) { func (conn *Conn) Invite(nick, channel string) {
conn.out <- "INVITE " + nick + " " + channel conn.out <- safe("INVITE " + nick + " " + channel)
} }
// Oper() sends an OPER command to the server // Oper() sends an OPER command to the server
func (conn *Conn) Oper(user, pass string) { func (conn *Conn) Oper(user, pass string) {
conn.out <- "OPER " + user + " " + pass conn.out <- safe("OPER " + user + " " + pass)
} }
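Review bot: safe() runs on the fully assembled line and removes only CR and LF, so in Kick, Invite, Mode, Oper and the other commands with middle parameters a space or a leading ':' inside channel, nick, t or user still shifts the parameter boundaries within that one command. If these arguments can carry untrusted text, they need a per-parameter check before concatenation (reject a value that contains a space or starts with ':'), because stripping line breaks from the whole line cannot catch it. Raw() stays unfiltered, which looks deliberate, but its doc comment should say so, for example `// Raw() performs no CR/LF filtering; callers must never pass untrusted text.` In Pass() and Oper() the silent stripping also changes the credential that is sent without telling the caller, so logging or rejecting such input would be easier to debug than rewriting it. The helpers between the Notice and Topic hunks (Ctcp and its neighbours) are outside the visible lines and should be checked to confirm that they route through Privmsg/Notice rather than writing to conn.out directly.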