isup: block querying invalid/test TLDs & local names with dot in path

Includes tests, since that's how I verified that it used to be allowed.
sopel-irc · Sep 20, 2020 · 524a8b4 · 524a8b4
1 parent 2863d72
commit 524a8b4
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/sopel/modules/isup.py b/sopel/modules/isup.py
@@ -40,10 +40,11 @@ def get_site_url(site):
 
         site = 'http://' + site
 
-    if '.' not in site:
-        # TODO: Make this more robust against e.g.
-        # .isup lanpeer/path/to/some/IoT.service
+    domain = site.split('/')[2]
+    if '.' not in domain:
         raise ValueError('I need a fully qualified domain name (with a dot).')
+    if domain.endswith(('.local', '.example', '.test', '.invalid', '.localhost')):
+        raise ValueError("I can't check LAN-local or invalid domains.")
 
     return site
 

diff --git a/test/modules/test_modules_isup.py b/test/modules/test_modules_isup.py
@@ -36,6 +36,8 @@ def test_get_site_url(site, expected):
     'steam://browsemedia',  # invalid protocol
     '://',  # invalid protocol (that's a weird one)
     'example',  # no TLD, no scheme
+    'something.local',  # LAN-local address
+    'lanmachine/path/to/iot.device',  # unqualified name with dot in path
 )