fix: fixed version and documentation for v0.7.3

savon-noir · Sep 1, 2022 · 926ba5f · 926ba5f
1 parent 3a49571
commit 926ba5f
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 6 deletions.
diff --git a/libnmap/objects/report.py b/libnmap/objects/report.py
@@ -411,6 +411,11 @@ def __ne__(self, other):
         return rval
 
     def __repr__(self):
+        """
+        Returns a string-based representation of the report
+
+        :return: string
+        """
         return "{0}: started at {1} hosts up {2}/{3}".format(
             self.__class__.__name__,
             self.started,

diff --git a/libnmap/process.py b/libnmap/process.py
@@ -486,24 +486,38 @@ def __build_windows_cmdline(self):
 
     @staticmethod
     def __validate_target(target):
-        # See https://nmap.org/book/man-target-specification.html for all the
-        # ways targets can be specified
+        """
+        Check if a provided target is valid. This function was created
+        in order to address CVE-2022-30284
+
+        See https://nmap.org/book/man-target-specification.html for all the
+        ways targets can be specified
+
+        This function verifies the following:
+
+        - matches the user specified target against a list of allowed chars
+        - check if dashes are used at the start or at the end of target
+
+        FQDN can contain dashes anywhere except at the beginning or end
+        This check also fixes/prevents CVE-2022-30284, which depends on being
+        able to pass options such as --script as a target
+
+        :return: False if target contains forbidden characters
+        """
         allowed_characters = frozenset(
             string.ascii_letters + string.digits + "-.:/% "
         )
         if not set(target).issubset(allowed_characters):
             raise Exception(
                 "Target '{}' contains invalid characters".format(target)
             )
-        # FQDN can contain dashes anywhere except at the beginning or end
-        # This check also fixes/prevents CVE-2022-30284, which depends on being
-        # able to pass options such as --script as a target
         elif target.startswith("-") or target.endswith("-"):
             raise Exception(
                 "Target '{}' cannot begin or end with a dash ('-')".format(
                     target
                 )
             )
+        return True
 
     @property
     def command(self):

diff --git a/setup.py b/setup.py
@@ -6,7 +6,7 @@
 
 setup(
     name="python-libnmap",
-    version="0.7.2",
+    version="0.7.3",
     author="Ronald Bister",
     author_email="[email protected]",
     packages=["libnmap", "libnmap.plugins", "libnmap.objects"],