From 542ccfca795dd4e813fddfa03b2d23fe378b0f72 Mon Sep 17 00:00:00 2001 From: Sam Machin Date: Tue, 1 Jul 2025 12:16:27 +0100 Subject: [PATCH] check for whitespace in gateways and phone numbers (#477) --- lib/routes/api/phone-numbers.js | 2 ++ lib/routes/api/sip-gateways.js | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/lib/routes/api/phone-numbers.js b/lib/routes/api/phone-numbers.js index 16dbd63..a87d75a 100644 --- a/lib/routes/api/phone-numbers.js +++ b/lib/routes/api/phone-numbers.js @@ -13,6 +13,7 @@ const preconditions = { }; const sysError = require('../error'); const { parsePhoneNumberSid } = require('./utils'); +const hasWhitespace = (str) => /\s/.test(str); /* check for required fields when adding */ @@ -28,6 +29,7 @@ async function validateAdd(req) { } if (!req.body.number) throw new DbErrorBadRequest('number is required'); + if (hasWhitespace(req.body.number)) throw new DbErrorBadRequest('number cannot contain whitespace'); const formattedNumber = e164(req.body.number); req.body.number = formattedNumber; } catch (err) { diff --git a/lib/routes/api/sip-gateways.js b/lib/routes/api/sip-gateways.js index 16162f3..6371342 100644 --- a/lib/routes/api/sip-gateways.js +++ b/lib/routes/api/sip-gateways.js @@ -6,6 +6,7 @@ const decorate = require('./decorate'); const sysError = require('../error'); const net = require('net'); +const hasWhitespace = (str) => /\s/.test(str); const checkUserScope = async(req, voip_carrier_sid) => { const {lookupCarrierBySid} = req.app.locals; if (!voip_carrier_sid) { @@ -60,6 +61,9 @@ const validate = async(req, sid) => { throw new DbErrorBadRequest( `netmask required to have value equal or greater than ${process.env.JAMBONZ_MIN_GATEWAY_NETMASK}`); } + if (hasWhitespace(ipv4)) { + throw new DbErrorBadRequest('Gateway must not contain whitespace'); + } if (inbound && !net.isIPv4(ipv4)) { throw new DbErrorBadRequest('Inbound gateway must be IPv4 address'); }