Implement message sanitization for Aliyun SMS (#6605)

2026-01-06 17:10:37 +01:00 · 2026-01-06 17:10:37 +01:00 · 0adf20fc5b
commit 0adf20fc5b
parent cc33a28769 2cf2faa3a9
1 changed files with 31 additions and 2 deletions
--- a/server/notification-providers/aliyun-sms.js
+++ b/server/notification-providers/aliyun-sms.js
@ -19,7 +19,7 @@ class AliyunSMS extends NotificationProvider {
                    name: monitorJSON["name"],
                    time: heartbeatJSON["localDateTime"],
                    status: this.statusToString(heartbeatJSON["status"]),
-                    msg: heartbeatJSON["msg"],
+                    msg: this.removeIpAndDomain(heartbeatJSON["msg"]),
                });
                if (await this.sendSms(notification, msgBody)) {
                    return okMsg;
@ -29,7 +29,7 @@ class AliyunSMS extends NotificationProvider {
                    name: "",
                    time: "",
                    status: "",
-                    msg: msg,
+                    msg: this.removeIpAndDomain(msg),
                });
                if (await this.sendSms(notification, msgBody)) {
                    return okMsg;
@ -140,6 +140,35 @@ class AliyunSMS extends NotificationProvider {
                return status;
        }
    }
+
+    /**
+     * Remove IP addresses and domains from message to comply with Aliyun SMS restrictions
+     * @param {string} message Original message
+     * @returns {string} Message with IP addresses and domains removed
+     */
+    removeIpAndDomain(message) {
+        if (!message) {
+            return message;
+        }
+
+        // 1. Remove URLs first to avoid domain being matched separately
+        message = message.replace(/(?:https?|ftp|ws|wss):\/\/[^\s]+/gi, "[URL]");
+
+        // 2. Remove IPv4 addresses (with or without port)
+        message = message.replace(/\b(?:\d{1,3}\.){3}\d{1,3}(?::\d+)?\b/g, "[IP]");
+
+        // 3. Remove IPv6 addresses (with or without port)
+        message = message.replace(/\[?(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}\]?(?::\d+)?/g, "[IP]");
+
+        // 4. Remove domain names (including subdomains and ports)
+        // Matches example.com, www.example.com, sub.example.com:8080, etc.
+        message = message.replace(/\b(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}(?::\d+)?\b/g, "[Domain]");
+
+        // 5. Remove CIDR notation (e.g., 192.168.0.0/24)
+        message = message.replace(/\b(?:\d{1,3}\.){3}\d{1,3}\/\d{1,2}\b/g, "[CIDR]");
+
+        return message;
+    }
 }

 module.exports = AliyunSMS;