From 95ad90063ba74866b248c547890c54120f849f55 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Fri, 8 Mar 2024 09:08:53 +0100
Subject: [PATCH] Validate client_config path expression

---
 api/modules/wireguard.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/api/modules/wireguard.py b/api/modules/wireguard.py
index 1ded47fa..904d87bb 100644
--- a/api/modules/wireguard.py
+++ b/api/modules/wireguard.py
@@ -1,4 +1,5 @@
 import subprocess
+import re
 
 def configs():
     #ignore symlinks, because wg0.conf is in production the main config, but in insiders it is a symlink
@@ -19,6 +20,10 @@ def client_config_active():
     return(active_config[1])
 
 def client_config_list(client_config):
+    pattern = r'^[a-zA-Z0-9_-]+$'
+    if not re.match(pattern, client_config):
+        raise ValueError("Invalid client_config")
+
     config_path = f"/etc/wireguard/{client_config}"
     try:
         with open(config_path, 'r') as f: