mirror
/
goirc
mirror of https://github.com/fluffle/goirc
1
0
Fork 0
Code Issues Releases Wiki Activity

client: commands: route commands to Raw and add command injection protection there

This commit is contained in:
StalkR 2013-03-07 11:54:00 +01:00
parent 45ecc205ff
commit 8c5282eda1
1 changed files with 24 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
client/commands.go
View File

@ -9,30 +9,32 @@ import "strings"
// the symbol table and add methods/functions on the fly // the symbol table and add methods/functions on the fly
// [ CMD, FMT, FMTARGS ] etc. // [ CMD, FMT, FMTARGS ] etc.
// safe removes CR/LF to avoid IRC command injection. func cutNewLines(s string) string {
func safe(s string) string { r := strings.SplitN(s, "\\r", 2)
s = strings.Replace(s, "\r", "", -1) r = strings.SplitN(r[0], "\\n", 2)
s = strings.Replace(s, "\n", "", -1) return r[0]
return s
} }
// Raw() sends a raw line to the server, should really only be used for // Raw() sends a raw line to the server, should really only be used for
// debugging purposes but may well come in handy. // debugging purposes but may well come in handy.
func (conn *Conn) Raw(rawline string) { conn.out <- rawline } func (conn *Conn) Raw(rawline string) {
// Avoid command injection by enforcing one command per line.
conn.out <- cutNewLines(rawline)
}
// Pass() sends a PASS command to the server // Pass() sends a PASS command to the server
func (conn *Conn) Pass(password string) { conn.out <- safe("PASS " + password) } func (conn *Conn) Pass(password string) { conn.Raw("PASS " + password) }
// Nick() sends a NICK command to the server // Nick() sends a NICK command to the server
func (conn *Conn) Nick(nick string) { conn.out <- safe("NICK " + nick) } func (conn *Conn) Nick(nick string) { conn.Raw("NICK " + nick) }
// User() sends a USER command to the server // User() sends a USER command to the server
func (conn *Conn) User(ident, name string) { func (conn *Conn) User(ident, name string) {
conn.out <- safe("USER " + ident + " 12 * :" + name) conn.Raw("USER " + ident + " 12 * :" + name)
} }
// Join() sends a JOIN command to the server // Join() sends a JOIN command to the server
func (conn *Conn) Join(channel string) { conn.out <- safe("JOIN " + channel) } func (conn *Conn) Join(channel string) { conn.Raw("JOIN " + channel) }
// Part() sends a PART command to the server with an optional part message // Part() sends a PART command to the server with an optional part message
func (conn *Conn) Part(channel string, message ...string) { func (conn *Conn) Part(channel string, message ...string) {
@ -40,7 +42,7 @@ func (conn *Conn) Part(channel string, message ...string) {
if msg != "" { if msg != "" {
msg = " :" + msg msg = " :" + msg
} }
conn.out <- safe("PART " + channel + msg) conn.Raw("PART " + channel + msg)
} }
// Kick() sends a KICK command to remove a nick from a channel // Kick() sends a KICK command to remove a nick from a channel
@ -49,7 +51,7 @@ func (conn *Conn) Kick(channel, nick string, message ...string) {
if msg != "" { if msg != "" {
msg = " :" + msg msg = " :" + msg
} }
conn.out <- safe("KICK " + channel + " " + nick + msg) conn.Raw("KICK " + channel + " " + nick + msg)
} }
// Quit() sends a QUIT command to the server with an optional quit message // Quit() sends a QUIT command to the server with an optional quit message
@ -58,20 +60,20 @@ func (conn *Conn) Quit(message ...string) {
if msg == "" { if msg == "" {
msg = conn.cfg.QuitMessage msg = conn.cfg.QuitMessage
} }
conn.out <- safe("QUIT :" + msg) conn.Raw("QUIT :" + msg)
} }
// Whois() sends a WHOIS command to the server // Whois() sends a WHOIS command to the server
func (conn *Conn) Whois(nick string) { conn.out <- safe("WHOIS " + nick) } func (conn *Conn) Whois(nick string) { conn.Raw("WHOIS " + nick) }
//Who() sends a WHO command to the server //Who() sends a WHO command to the server
func (conn *Conn) Who(nick string) { conn.out <- safe("WHO " + nick) } func (conn *Conn) Who(nick string) { conn.Raw("WHO " + nick) }
// Privmsg() sends a PRIVMSG to the target t // Privmsg() sends a PRIVMSG to the target t
func (conn *Conn) Privmsg(t, msg string) { conn.out <- safe("PRIVMSG " + t + " :" + msg) } func (conn *Conn) Privmsg(t, msg string) { conn.Raw("PRIVMSG " + t + " :" + msg) }
// Notice() sends a NOTICE to the target t // Notice() sends a NOTICE to the target t
func (conn *Conn) Notice(t, msg string) { conn.out <- safe("NOTICE " + t + " :" + msg) } func (conn *Conn) Notice(t, msg string) { conn.Raw("NOTICE " + t + " :" + msg) }
// Ctcp() sends a (generic) CTCP message to the target t // Ctcp() sends a (generic) CTCP message to the target t
// with an optional argument // with an optional argument
@ -107,7 +109,7 @@ func (conn *Conn) Topic(channel string, topic ...string) {
if t != "" { if t != "" {
t = " :" + t t = " :" + t
} }
conn.out <- safe("TOPIC " + channel + t) conn.Raw("TOPIC " + channel + t)
} }
// Mode() sends a MODE command to the server. This one can get complicated if // Mode() sends a MODE command to the server. This one can get complicated if
@ -122,7 +124,7 @@ func (conn *Conn) Mode(t string, modestring ...string) {
if mode != "" { if mode != "" {
mode = " " + mode mode = " " + mode
} }
conn.out <- safe("MODE " + t + mode) conn.Raw("MODE " + t + mode)
} }
// Away() sends an AWAY command to the server // Away() sends an AWAY command to the server
@ -133,15 +135,15 @@ func (conn *Conn) Away(message ...string) {
if msg != "" { if msg != "" {
msg = " :" + msg msg = " :" + msg
} }
conn.out <- safe("AWAY" + msg) conn.Raw("AWAY" + msg)
} }
// Invite() sends an INVITE command to the server // Invite() sends an INVITE command to the server
func (conn *Conn) Invite(nick, channel string) { func (conn *Conn) Invite(nick, channel string) {
conn.out <- safe("INVITE " + nick + " " + channel) conn.Raw("INVITE " + nick + " " + channel)
} }
// Oper() sends an OPER command to the server // Oper() sends an OPER command to the server
func (conn *Conn) Oper(user, pass string) { func (conn *Conn) Oper(user, pass string) {
conn.out <- safe("OPER " + user + " " + pass) conn.Raw("OPER " + user + " " + pass)
} }