Video Decoder not sanitizing IP addresses. #325

@cal-pratt

Was using the topside software yesterday and noticed that a "/" is appended to the front of the IP address being sent to the Pi Cameras.

@Krs158 I think you meant to remove a letter from the start of the IP string:

final int lastLocation = newAddress.lastIndexOf('.');
if (lastLocation >= 0) {
    final String testAddress = newAddress.substring(1, lastLocation - 1);
    if (broadcastIP.equals(testAddress)) {
        eventPublisher.emit(new VideoValueA(newAddress, config.portA()));
        eventPublisher.emit(new VideoValueB(newAddress, config.portB()));

should maybe be:

final int lastLocation = newAddress.lastIndexOf('.');
if (lastLocation >= 0) {
    final String testAddress = newAddress.substring(1, lastLocation - 1);
    if (broadcastIP.equals(testAddress)) {
        eventPublisher.emit(new VideoValueA(newAddress.substring(1), config.portA()));
        eventPublisher.emit(new VideoValueB(newAddress.substring(1), config.portB()));

Using a Regular Expression
A safer way to handle this would be to use a Regular Expression. These are one of the coolest tools you have when it comes to working with strings. With a regular expression you can extract complicated patterns from a string without having to worry about these off-by-one errors.

You can use the Pattern class to come up with a pattern for your address, and match it against that.
For example, this is how you can get an IP out of this string: asdasASD/192.168.88.123@!asdasd

Pattern p = Pattern.compile("[^1-9]*([1-9]{1,3}[.][1-9]{1,3}[.][1-9]{1,3}[.][1-9]{1,3})[^1-9]*");
Matcher m = p.matcher("asdasASD/192.168.88.123@!asdasd");
boolean b = m.matches();
if (b) {
    System.out.println(m.group(1));
}
// prints: 192.168.88.123

What is pattern compile?
This is a Regular Expression to match an IP address. It was created to match the following pattern:

[^1-9]*([1-9]{1,3}\\.[1-9]{1,3}\\.[1-9]{1,3}\\.[1-9]{1,3})[^1-9]*

[^1-9]* is any character that is not 1 to 9, and * means 0 or more times
[1-9]{1,3} is a character from 1 to 9 and {1,3} means 1 to 3 times repeating
\\. is the literal . character. (whereas . without \\ means any character)
( ... ) means a group. anything in () is a group and can be extracted from the pattern

So in plain English, the long regex is:
Some amount of non numerical characters followed by a group, followed by some amount of non numerical characters. The group is 1-3 numbers . 1-3 numbers . 1-3 numbers . 1-3 numbers

Making a regex for the subnet
In our case you need to make a regex to match our subnet. That might look something like this:

[^1-9]*(192\\.168\\.88\\.[1-9]{1,3})[^1-9]*

In the existing code you have a subnet, 192.168.88., where the . characters are not escaped properly. You can get the pattern tool to do this by calling Pattern.quote("192.168.88.");

Final result

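import java.util.regex.Matcher;
import java.util.regex.Pattern;

String subnet = "192.168.88.";
String testIP = "asdasASD/192.168.88.123@!asdasd";

// Pattern.quote escapes the dots in the subnet so they only match a literal '.'
Pattern p = Pattern.compile("[^1-9]*(" + Pattern.quote(subnet) + "[1-9]{1,3})[^1-9]*");
Matcher m = p.matcher(testIP);
boolean b = m.matches();
if (b) {
    // group(1) is the address captured by the parentheses
    System.out.println(m.group(1));
}
// prints: 192.168.88.123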
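
The subnet check described above, as an added example that is not part of the original issue or the project's code: it goes a step further than the pattern shown by accepting the digit 0 (so 192.168.88.10 passes) and rejecting a last octet above 255. The class name SubnetAddressFilter and the sample inputs are constructed for illustration.

```java
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class SubnetAddressFilter {
    private final String subnetPrefix; // first three octets plus dot, e.g. "192.168.88."
    private final Pattern pattern;

    public SubnetAddressFilter(final String subnetPrefix) {
        this.subnetPrefix = subnetPrefix;
        // Pattern.quote escapes the dots in the prefix. [0-9] accepts the digit 0.
        // The lookbehind/lookahead stop a match from starting or ending inside
        // a longer run of digits and dots (e.g. "10.192.168.88.5").
        this.pattern = Pattern.compile(
            "(?<![0-9.])" + Pattern.quote(subnetPrefix) + "([0-9]{1,3})(?![0-9.])");
    }

    // Returns the bare dotted-quad address, or empty when the input holds no
    // valid address on the subnet.
    public Optional<String> extract(final String raw) {
        if (raw == null) {
            return Optional.empty();
        }
        final Matcher m = pattern.matcher(raw);
        while (m.find()) {
            final int host = Integer.parseInt(m.group(1));
            if (host <= 255) {
                return Optional.of(subnetPrefix + host); // drops leading zeros
            }
        }
        return Optional.empty();
    }

    public static void main(final String[] args) {
        final SubnetAddressFilter filter = new SubnetAddressFilter("192.168.88.");
        final String[] samples = { // constructed inputs
            "/192.168.88.123",                 // leading slash from the issue
            "asdasASD/192.168.88.123@!asdasd", // the issue's test string
            "/192.168.88.10",                  // contains the digit 0
            "/192.168.88.999",                 // octet out of range
            "/192x168x88x5",                   // dots must be literal
            "/192.168.89.5",                   // wrong subnet
        };
        for (final String s : samples) {
            System.out.println(s + " -> " + filter.extract(s).orElse("(rejected)"));
        }
    }
}
```

The first three samples yield a bare address on the subnet and the last three are rejected, so only a validated address would be passed on to the cameras.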
