]> git.ipfire.org Git - dbl.git/commitdiff
projects / dbl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4d18fa6)
api: Don't perform search if the query is not a valid hostname
authorMichael Tremer <michael.tremer@ipfire.org>
Sat, 24 Jan 2026 15:38:29 +0000 (15:38 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Sat, 24 Jan 2026 15:38:29 +0000 (15:38 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/dbl/api/__init__.py patch | blob | blame | history

diff --git a/src/dbl/api/__init__.py b/src/dbl/api/__init__.py
index c9daa7d3b7e8f9ccabec03a4fe15d89b07c61f50..d2795ea424ac593127973f7e0638913305a62362 100644 (file)
--- a/src/dbl/api/__init__.py
+++ b/src/dbl/api/__init__.py
@@ -23,6 +23,7 @@ import fastapi.security
 
 # Import the backend
 from .. import Backend
+from .. import util
 
 # Import middlewares
 from . import middlewares
@@ -65,6 +66,10 @@ def search(q: str):
        """
        res = {}
 
+       # Check if the query is a valid FQDN
+       if not util.is_fqdn(q):
+               raise fastapi.HTTPException(400, "Not a valid FQDN: %s" % q)
+
        # Perform the search
        results = backend.search(q)
 
A Domain Blocklist Compositor For IPFire