From: Mint <>
Date: Tue, 29 Nov 2022 19:36:46 +0000 (+0300)
Subject: Additional query DoS mitigation
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=d0f1fe5c06bd37d1fb49de1951893e6501c91043;p=fba.git

Additional query DoS mitigation
---

diff --git a/api.py b/api.py
index c9b1b39..fbbd4da 100644
--- a/api.py
+++ b/api.py
@@ -5,6 +5,7 @@ from hashlib import sha256
 from fastapi.templating import Jinja2Templates
 from requests import get
 from json import loads
+from re import sub
 
 with open("config.json") as f:
     config = loads(f.read())
@@ -34,6 +35,10 @@ def info():
 def blocked(domain: str = None, reason: str = None):
     if domain == None and reason == None:
         raise HTTPException(status_code=400, detail="No filter specified")
+    if reason != None:
+        reason = sub("(%|_)", "", reason)
+        if len(reason) < 3:
+            raise HTTPException(status_code=400, detail="Keyword is shorter than three characters")
     conn = sqlite3.connect("blocks.db")
     c = conn.cursor()
     if domain != None:
@@ -42,10 +47,7 @@ def blocked(domain: str = None, reason: str = None):
         c.execute("select blocker, blocked, block_level, reason from blocks where blocked = ? or blocked = ? or blocked = ? or blocked = ? or blocked = ? or blocked = ?",
                   (domain, "*." + domain, wildchar, get_hash(domain), punycode, "*." + punycode))
     else:
-        if len(reason) < 3:
-            raise HTTPException(status_code=400, detail="Keyword is shorter than three characters")
-        else:
-            c.execute("select blocker, blocked, reason, block_level from blocks where reason like ? and reason != ''", ("%"+reason+"%",))
+        c.execute("select blocker, blocked, reason, block_level from blocks where reason like ? and reason != ''", ("%"+reason+"%",))
     blocks = c.fetchall()
     conn.close()