Jump to content

[Suggestion/GUI Fix] IPv4 validation for Web Exclusions.


0xEBFE

Recommended Posts

Version: Malwarebytes Anti-Malware 2.2.0.1024

OS: Windows 7 x64 SP1 (en_US)

Issue: Users can manually add improper IPv4s for Web Exclusions (assuming you only want dotted-decimal notation) by the inclusion of spaces and leading 0's.

1) <SPACE><SPACE><SPACE>00000255.0.0.0
2) 000000000255.0.0.0<SPACE><SPACE><SPACE><SPACE><SPACE><SPACE><SPACE><SPACE><SPACE>
3) 255.<SPACE><SPACE>0.<SPACE>0.<SPACE><SPACE><SPACE><SPACE>0

Fix: Test the user's input against a regular expression to validate that it would be contained within the IPv4 address space.
 

Psuedo-code for the fix:

string input = "255.255.255.255"; // This is whatever the user supplied input was// Optional: Trim all whitespace on input before testing it against the regular expressiontry {    // 0.0.0.0 - 255.255.255.255    std::regex re("^(([0-9]{1,2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]{1,2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$");    if (std::regex_match(input, re)) {        // Add it to the Web Exlusions    } else {        // Show 'Invalid address' error message    }} catch (std::regex_error& e) {    // Syntax error in the regular expression}

Limitations: This is intended for dotted-decimal notation only, even though IPv4's can be represented in other legitimate ways such as in dotted-hex and octal formats.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.