fix(monitor): DNS monitor hostname and other monitors URL validations (#6577)

Author: CommanderStorm

package-lock.json

@@ -122,8 +122,8 @@
         "net-snmp": "^3.11.2",
         "node-cloudflared-tunnel": "~1.0.9",
         "node-fetch-cache": "^5.1.0",
-        "nodemailer": "~7.0.12",
         "node-radius-utils": "~1.2.0",
+        "nodemailer": "~7.0.12",
         "nostr-tools": "^2.10.4",
         "notp": "~2.0.3",
         "openid-client": "^5.4.2",
@@ -149,6 +149,7 @@
         "thirty-two": "~1.0.2",
         "tldts": "^7.0.19",
         "tough-cookie": "~4.1.3",
+        "validator": "^13.15.26",
         "web-push": "^3.6.7",
         "ws": "^8.13.0"
     },

package.json

@@ -276,6 +276,11 @@
     "mqttWebsocketPathExplanation": "WebSocket path for MQTT over WebSocket connections (e.g., /mqtt)",
     "mqttWebsocketPathInvalid": "Please use a valid WebSocket Path format",
     "mqttHostnameTip": "Please use this format {hostnameFormat}",
+    "hostnameCannotBeIP": "DNS hostname cannot be an IP. Did you mean to use the resolver field?",
+    "invalidHostnameOrIP": "Invalid hostname or IP. Hostname must be a valid FQDN. Cannot use wildcard. Can have underscore, or end with a dot.",
+    "invalidDNSHostname": "Invalid hostname. Hostname must be a valid FQDN. Can be a wildcard, have underscore or end with a dot.",
+    "wildcardOnlyForDNS": "Wildcard hostnames are only supported for DNS monitors.",
+    "invalidURL": "Invalid URL",
     "successKeyword": "Success Keyword",
     "successKeywordExplanation": "MQTT Keyword that will be considered as success",
     "recent": "Recent",

src/lang/en.json

@@ -326,7 +326,6 @@
                                     v-model="monitor.hostname"
                                     type="text"
                                     class="form-control"
-                                    :pattern="`${monitor.type === 'mqtt' ? mqttIpOrHostnameRegexPattern : ipOrHostnameRegexPattern}`"
                                     required
                                     data-testid="hostname-input"
                                 >
@@ -1329,7 +1328,9 @@ import {
     MIN_INTERVAL_SECOND,
     sleep,
 } from "../util.ts";
-import { hostNameRegexPattern, timeDurationFormatter } from "../util-frontend";
+import { timeDurationFormatter } from "../util-frontend";
+import isFQDN from "validator/lib/isFQDN";
+import isIP from "validator/lib/isIP";
 import HiddenInput from "../components/HiddenInput.vue";
 import EditMonitorConditions from "../components/EditMonitorConditions.vue";
 
@@ -1417,8 +1418,6 @@ export default {
             acceptedWebsocketCodeOptions: [],
             dnsresolvetypeOptions: [],
             kafkaSaslMechanismOptions: [],
-            ipOrHostnameRegexPattern: hostNameRegexPattern(),
-            mqttIpOrHostnameRegexPattern: hostNameRegexPattern(true),
             gameList: null,
             connectionStringTemplates: {
                 "sqlserver": "Server=<hostname>,<port>;Database=<your database>;User Id=<your user id>;Password=<your password>;Encrypt=<true/false>;TrustServerCertificate=<Yes/No>;Connection Timeout=<int>",
@@ -2083,6 +2082,58 @@ message HealthCheckResponse {
                 }
             }
 
+            // Validate hostname field input for various monitors
+            if ([ "mqtt", "dns", "port", "ping", "steam", "gamedig", "radius", "tailscale-ping", "smtp", "snmp" ].includes(this.monitor.type) && this.monitor.hostname) {
+                let hostname = this.monitor.hostname.trim();
+
+                if (this.monitor.type === "mqtt") {
+                    hostname = hostname.replace(/^(mqtt|ws)s?:\/\//, "");
+                }
+
+                if (this.monitor.type === "dns" && isIP(hostname)) {
+                    toast.error(this.$t("hostnameCannotBeIP"));
+                    return false;
+                }
+
+                // Wildcard is allowed only for DNS
+                if (!isFQDN(hostname, {
+                    allow_wildcard: this.monitor.type === "dns",
+                    require_tld: false,
+                    allow_underscores: true,
+                    allow_trailing_dot: true,
+                }) && !isIP(hostname)) {
+                    if (this.monitor.type === "dns") {
+                        toast.error(this.$t("invalidDNSHostname"));
+                    } else {
+                        toast.error(this.$t("invalidHostnameOrIP"));
+                    }
+                    return false;
+                }
+            }
+
+            // Validate URL field input for various monitors
+            if ([ "http", "keyword", "json-query", "websocket-upgrade", "real-browser" ].includes(this.monitor.type) && this.monitor.url) {
+                try {
+                    const url = new URL(this.monitor.url);
+                    // Browser can encode *.hostname.com to %2A.hostname.com
+                    if (url.hostname.includes("*") || url.hostname.includes("%2A")) {
+                        toast.error(this.$t("wildcardOnlyForDNS"));
+                        return false;
+                    }
+                    if (!isFQDN(url.hostname, {
+                        require_tld: false,
+                        allow_underscores: true,
+                        allow_trailing_dot: true,
+                    }) && !isIP(url.hostname)) {
+                        toast.error(this.$t("invalidHostnameOrIP"));
+                        return false;
+                    }
+                } catch (err) {
+                    toast.error(this.$t("invalidURL"));
+                    return false;
+                }
+            }
+
             return true;
         },
 

src/pages/EditMonitor.vue

@@ -108,23 +108,6 @@ export function getDevContainerServerHostname() {
     return CODESPACE_NAME + "-3001." + GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN;
 }
 
-/**
- * Regex pattern fr identifying hostnames and IP addresses
- * @param {boolean} mqtt whether or not the regex should take into
- * account the fact that it is an mqtt uri
- * @returns {RegExp} The requested regex
- */
-export function hostNameRegexPattern(mqtt = false) {
-    // mqtt, mqtts, ws and wss schemes accepted by mqtt.js (https://github.com/mqttjs/MQTT.js/#connect)
-    const mqttSchemeRegexPattern = "((mqtt|ws)s?:\\/\\/)?";
-    // Source: https://digitalfortress.tech/tips/top-15-commonly-used-regex/
-    const ipRegexPattern = `((^${mqtt ? mqttSchemeRegexPattern : ""}((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:)))(%.+)?$))`;
-    // Source: https://stackoverflow.com/questions/106179/regular-expression-to-match-dns-hostname-or-ip-address
-    const hostNameRegexPattern = `^${mqtt ? mqttSchemeRegexPattern : ""}([a-zA-Z0-9])?(([a-zA-Z0-9_]|[a-zA-Z0-9_][a-zA-Z0-9\\-_]*[a-zA-Z0-9_])\\.)*([A-Za-z0-9_]|[A-Za-z0-9_][A-Za-z0-9\\-_]*[A-Za-z0-9_])(\\.)?$`;
-
-    return `${ipRegexPattern}|${hostNameRegexPattern}`;
-}
-
 /**
  * Get the tag color options
  * Shared between components