From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat, 24 Jan 2026 15:38:29 +0000 (+0000)
Subject: api: Don't perform search if the query is not a valid hostname
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f4e22d2d3b227f65a7d2aef091789f9a5755a03d;p=dbl.git

api: Don't perform search if the query is not a valid hostname

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/dbl/api/__init__.py b/src/dbl/api/__init__.py
index c9daa7d..d2795ea 100644
--- a/src/dbl/api/__init__.py
+++ b/src/dbl/api/__init__.py
@@ -23,6 +23,7 @@ import fastapi.security
 
 # Import the backend
 from .. import Backend
+from .. import util
 
 # Import middlewares
 from . import middlewares
@@ -65,6 +66,10 @@ def search(q: str):
 	"""
 	res = {}
 
+	# Check if the query is a valid FQDN
+	if not util.is_fqdn(q):
+		raise fastapi.HTTPException(400, "Not a valid FQDN: %s" % q)
+
 	# Perform the search
 	results = backend.search(q)