Return default port if non-numeric characters are set in pihole-FTL.conf for FTLPORT. FTL does the same in such case and provide the API on 4711

Signed-off-by: Christian König <ckoenig@posteo.de>

advanced/Scripts/utils.sh

@@ -82,16 +82,14 @@ getFTLAPIPort(){
     if [ -s "$FTLCONFFILE" ]; then
         # if FTLPORT is not set in pihole-FTL.conf, use the default port
         ftl_api_port="$({ grep '^FTLPORT=' "${FTLCONFFILE}" || echo "${DEFAULT_FTL_PORT}"; } | cut -d'=' -f2-)"
-        # Exploit prevention: unset the variable if there is malicious content
+        # Exploit prevention: set the port to the default port if there is malicious (non-numeric)
-        # Verify that the value read from the file is numeric
+        # content set in pihole-FTL.conf
-        expr "${ftl_api_port}" : "[^[:digit:]]" > /dev/null && unset ftl_api_port
+        expr "${ftl_api_port}" : "[^[:digit:]]" > /dev/null && ftl_api_port="${DEFAULT_FTL_PORT}"
     else
         # if there is no pihole-FTL.conf, use the default port
         ftl_api_port="${DEFAULT_FTL_PORT}"
     fi
 
-    # If the ftl_api_port contained malicious stuff, substitute with -1
-    ftl_api_port=${ftl_api_port:=-1}
     echo "${ftl_api_port}"
 }
 

test/test_any_utils.py

@@ -92,7 +92,7 @@ def test_getFTLAPIPort_custom(host):
 
 
 def test_getFTLAPIPort_malicious(host):
-    """Confirms getFTLAPIPort returns -1 if the setting in pihole-FTL.conf contains non-digits"""
+    """Confirms getFTLAPIPort returns 4711 if the setting in pihole-FTL.conf contains non-digits"""
     host.run(
         """
     echo "FTLPORT=*$ssdfsd" > /etc/pihole/pihole-FTL.conf
@@ -104,7 +104,7 @@ def test_getFTLAPIPort_malicious(host):
     getFTLAPIPort
     """
     )
-    expected_stdout = "-1\n"
+    expected_stdout = "4711\n"
     assert expected_stdout == output.stdout