diff --git a/package-lock.json b/package-lock.json
index 12ace22aa..f07c2b7fb 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@ { "name": "uptime-kuma", - "version": "2.1.0-beta.0", + "version": "2.1.0-beta.1", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "uptime-kuma", - "version": "2.1.0-beta.0", + "version": "2.1.0-beta.1", "license": "MIT", "dependencies": { "@grpc/grpc-js": "~1.8.22",
@@ -88,6 +88,7 @@ "thirty-two": "~1.0.2", "tldts": "^7.0.19", "tough-cookie": "~4.1.3", + "validator": "^13.15.26", "web-push": "^3.6.7", "ws": "^8.13.0" },
@@ -18583,6 +18584,15 @@ "spdx-expression-parse": "^3.0.0" } }, + "node_modules/validator": { + "version": "13.15.26", + "resolved": "https://registry.npmjs.org/validator/-/validator-13.15.26.tgz", + "integrity": "sha512-spH26xU080ydGggxRyR1Yhcbgx+j3y5jbNXk/8L+iRvdIEQ4uTRH2Sgf2dokud6Q4oAtsbNvJ1Ft+9xmm6IZcA==", + "license": "MIT", + "engines": { + "node": ">= 0.10" + } + }, "node_modules/varint": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/varint/-/varint-6.0.0.tgz",
diff --git a/package.json b/package.json
index 09811f1ad..1fff55628 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "uptime-kuma",
- "version": "2.1.0-beta.0",
+ "version": "2.1.0-beta.1",
 "license": "MIT",
 "repository": {
 "type": "git",
@@ -122,8 +122,8 @@
 "net-snmp": "^3.11.2",
 "node-cloudflared-tunnel": "~1.0.9",
 "node-fetch-cache": "^5.1.0",
- "nodemailer": "~7.0.12",
 "node-radius-utils": "~1.2.0",
+ "nodemailer": "~7.0.12",
 "nostr-tools": "^2.10.4",
 "notp": "~2.0.3",
 "openid-client": "^5.4.2",
@@ -149,6 +149,7 @@
 "thirty-two": "~1.0.2",
 "tldts": "^7.0.19",
 "tough-cookie": "~4.1.3",
+ "validator": "^13.15.26",
 "web-push": "^3.6.7",
 "ws": "^8.13.0"
 },
diff --git a/server/notification-providers/telegram.js b/server/notification-providers/telegram.js
index a98c326d7..790f06a69 100644
--- a/server/notification-providers/telegram.js
+++ b/server/notification-providers/telegram.js
@@ -4,6 +4,47 @@ const axios = require("axios");
 class Telegram extends NotificationProvider {
 name = "telegram";
+ /**
+ * Escapes special characters for Telegram MarkdownV2 format
+ * @param {string} text Text to escape
+ * @returns {string} Escaped text
+ */
+ escapeMarkdownV2(text) {
+ if (!text) {
+ return text;
+ }
+
+ // Characters that need to be escaped in MarkdownV2
+ // https://core.telegram.org/bots/api#markdownv2-style
+ return String(text).replace(/[_*[\]()~>#+\-=|{}.!\\]/g, "\\$&");
+ }
+
+ /**
+ * Recursively escapes string properties of an object for Telegram MarkdownV2
+ * @param {object|string} obj Object or string to escape
+ * @returns {object|string} Escaped object or string
+ */
+ escapeObjectRecursive(obj) {
+ if (typeof obj === "string") {
+ return this.escapeMarkdownV2(obj);
+ }
+ if (typeof obj === "object" && obj !== null) {
+ // Check if array
+ if (Array.isArray(obj)) {
+ return obj.map(item => this.escapeObjectRecursive(item));
+ }
+
+ const newObj = {};
+ for (const key in obj) {
+ if (Object.prototype.hasOwnProperty.call(obj, key)) {
+ newObj[key] = this.escapeObjectRecursive(obj[key]);
+ }
+ }
+ return newObj;
+ }
+ return obj;
+ }
+
 /**
 * @inheritdoc
 */
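Review bot: The character class in `escapeMarkdownV2` omits the backtick, which the MarkdownV2 section linked in the comment lists among the characters that must be escaped. A monitor name or message containing one therefore still opens a code span, and an unbalanced one is likely to make Telegram fail entity parsing so the notification is not delivered. Add it to the class: ``/[_*[\]()~`>#+\-=|{}.!\\]/g``. The docblock could also say that falsy input is returned unchanged and that non-string values are coerced with `String()`, since `@param {string}` alone does not convey either.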
@@ -24,7 +65,29 @@ class Telegram extends NotificationProvider {
 }
 if (notification.telegramUseTemplate) {
- params.text = await this.renderTemplate(notification.telegramTemplate, msg, monitorJSON, heartbeatJSON);
+ let monitorJSONCopy = monitorJSON;
+ let heartbeatJSONCopy = heartbeatJSON;
+
+ if (notification.telegramTemplateParseMode === "MarkdownV2") {
+ msg = this.escapeMarkdownV2(msg);
+
+ if (monitorJSONCopy) {
+ monitorJSONCopy = this.escapeObjectRecursive(monitorJSONCopy);
+ } else {
+ // for testing monitorJSON is null, provide escaped defaults
+ monitorJSONCopy = {
+ name: this.escapeMarkdownV2("Monitor Name not available"),
+ hostname: this.escapeMarkdownV2("testing.hostname"),
+ url: this.escapeMarkdownV2("testing.hostname"),
+ };
+ }
+
+ if (heartbeatJSONCopy) {
+ heartbeatJSONCopy = this.escapeObjectRecursive(heartbeatJSONCopy);
+ }
+ }
+
+ params.text = await this.renderTemplate(notification.telegramTemplate, msg, monitorJSONCopy, heartbeatJSONCopy);
 if (notification.telegramTemplateParseMode !== "plain") {
 params.parse_mode = notification.telegramTemplateParseMode;
diff --git a/src/lang/en.json b/src/lang/en.json
index 43cadb749..b6687bc3c 100644
--- a/src/lang/en.json
+++ b/src/lang/en.json
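Review bot: In server/notification-providers/telegram.js, the new escaping in the `telegramUseTemplate` branch runs only when `telegramTemplateParseMode === "MarkdownV2"`, while the unchanged lines below still forward every other non-plain mode as `parse_mode`. If HTML is one of the selectable modes (Telegram accepts it; the option list is not visible here), `msg` and the monitor and heartbeat fields reach the template unescaped, so a `<` or `&` in a monitor name or in an error string returned by the monitored target can break parsing or alter the markup of the notification. An `else if` branch for that mode should replace `&`, `<` and `>` with `&amp;`, `&lt;` and `&gt;` in the same values before `renderTemplate` is called. Separately, `msg = this.escapeMarkdownV2(msg);` overwrites the parameter, and the function continues outside the hunk, so whether `msg` is read again later cannot be seen; a local copy like the two `*Copy` variables would avoid leaking the escaped form.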
@@ -276,6 +276,11 @@
 "mqttWebsocketPathExplanation": "WebSocket path for MQTT over WebSocket connections (e.g., /mqtt)",
 "mqttWebsocketPathInvalid": "Please use a valid WebSocket Path format",
 "mqttHostnameTip": "Please use this format {hostnameFormat}",
+ "hostnameCannotBeIP": "DNS hostname cannot be an IP. Did you mean to use the resolver field?",
+ "invalidHostnameOrIP": "Invalid hostname or IP. Hostname must be a valid FQDN. Cannot use wildcard. Can have underscore, or end with a dot.",
+ "invalidDNSHostname": "Invalid hostname. Hostname must be a valid FQDN. Can be a wildcard, have underscore or end with a dot.",
+ "wildcardOnlyForDNS": "Wildcard hostnames are only supported for DNS monitors.",
+ "invalidURL": "Invalid URL",
 "successKeyword": "Success Keyword",
 "successKeywordExplanation": "MQTT Keyword that will be considered as success",
 "recent": "Recent",
diff --git a/src/pages/EditMonitor.vue b/src/pages/EditMonitor.vue
index db92bea05..e673d9415 100644
--- a/src/pages/EditMonitor.vue
+++ b/src/pages/EditMonitor.vue
@@ -333,7 +333,6 @@
 v-model="monitor.hostname"
 type="text"
 class="form-control"
- :pattern="`${monitor.type === 'mqtt' ? mqttIpOrHostnameRegexPattern : ipOrHostnameRegexPattern}`"
 required
 data-testid="hostname-input"
 >
@@ -1336,7 +1335,9 @@ import {
 MIN_INTERVAL_SECOND,
 sleep,
 } from "../util.ts";
-import { hostNameRegexPattern, timeDurationFormatter } from "../util-frontend";
+import { timeDurationFormatter } from "../util-frontend";
+import isFQDN from "validator/lib/isFQDN";
+import isIP from "validator/lib/isIP";
 import HiddenInput from "../components/HiddenInput.vue";
 import EditMonitorConditions from "../components/EditMonitorConditions.vue";
@@ -1424,8 +1425,6 @@ export default {
 acceptedWebsocketCodeOptions: [],
 dnsresolvetypeOptions: [],
 kafkaSaslMechanismOptions: [],
- ipOrHostnameRegexPattern: hostNameRegexPattern(),
- mqttIpOrHostnameRegexPattern: hostNameRegexPattern(true),
 gameList: null,
 connectionStringTemplates: {
 "sqlserver": "Server=,;Database=;User Id=;Password=;Encrypt=;TrustServerCertificate=;Connection Timeout=",
@@ -2090,6 +2089,58 @@ message HealthCheckResponse {
 }
 }
+ // Validate hostname field input for various monitors
+ if ([ "mqtt", "dns", "port", "ping", "steam", "gamedig", "radius", "tailscale-ping", "smtp", "snmp" ].includes(this.monitor.type) && this.monitor.hostname) {
+ let hostname = this.monitor.hostname.trim();
+
+ if (this.monitor.type === "mqtt") {
+ hostname = hostname.replace(/^(mqtt|ws)s?:\/\//, "");
+ }
+
+ if (this.monitor.type === "dns" && isIP(hostname)) {
+ toast.error(this.$t("hostnameCannotBeIP"));
+ return false;
+ }
+
+ // Wildcard is allowed only for DNS
+ if (!isFQDN(hostname, {
+ allow_wildcard: this.monitor.type === "dns",
+ require_tld: false,
+ allow_underscores: true,
+ allow_trailing_dot: true,
+ }) && !isIP(hostname)) {
+ if (this.monitor.type === "dns") {
+ toast.error(this.$t("invalidDNSHostname"));
+ } else {
+ toast.error(this.$t("invalidHostnameOrIP"));
+ }
+ return false;
+ }
+ }
+
+ // Validate URL field input for various monitors
+ if ([ "http", "keyword", "json-query", "websocket-upgrade", "real-browser" ].includes(this.monitor.type) && this.monitor.url) {
+ try {
+ const url = new URL(this.monitor.url);
+ // Browser can encode *.hostname.com to %2A.hostname.com
+ if (url.hostname.includes("*") || url.hostname.includes("%2A")) {
+ toast.error(this.$t("wildcardOnlyForDNS"));
+ return false;
+ }
+ if (!isFQDN(url.hostname, {
+ require_tld: false,
+ allow_underscores: true,
+ allow_trailing_dot: true,
+ }) && !isIP(url.hostname)) {
+ toast.error(this.$t("invalidHostnameOrIP"));
+ return false;
+ }
+ } catch (err) {
+ toast.error(this.$t("invalidURL"));
+ return false;
+ }
+ }
+
 return true;
 },
diff --git a/src/util-frontend.js b/src/util-frontend.js
index fdb2a8157..5912620b5 100644
--- a/src/util-frontend.js
+++ b/src/util-frontend.js
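Review bot: In src/pages/EditMonitor.vue, the URL branch passes `url.hostname` straight to `isIP`, but the URL parser returns IPv6 literals with their brackets (`new URL("http://[::1]:3001").hostname` is `"[::1]"`), so both `isFQDN` and `isIP` fail and a valid IPv6 URL is rejected with `invalidHostnameOrIP`. Strip the brackets before validating, e.g. `const host = url.hostname.replace(/^\[(.*)\]$/, "$1");`, and pass `host` to both checks. This check also runs only in the browser, and the commit removes the `pattern` attribute it replaces. Unless the server applies the same rule when a monitor is saved (not visible in this diff), a request sent directly to the backend bypasses it, so it should be treated as a usability check rather than as validation of the host the server later connects to. The enclosing method starts outside the hunk.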
@@ -108,23 +108,6 @@ export function getDevContainerServerHostname() { return CODESPACE_NAME + "-3001." + GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN; } -/** - * Regex pattern fr identifying hostnames and IP addresses - * @param {boolean} mqtt whether or not the regex should take into - * account the fact that it is an mqtt uri - * @returns {RegExp} The requested regex - */ -export function hostNameRegexPattern(mqtt = false) { - // mqtt, mqtts, ws and wss schemes accepted by mqtt.js (https://github.com/mqttjs/MQTT.js/#connect) - const mqttSchemeRegexPattern = "((mqtt|ws)s?:\\/\\/)?"; - // Source: https://digitalfortress.tech/tips/top-15-commonly-used-regex/ - const ipRegexPattern = `((^${mqtt ? mqttSchemeRegexPattern : ""}((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:)))(%.+)?$))`; - // Source: 
https://stackoverflow.com/questions/106179/regular-expression-to-match-dns-hostname-or-ip-address - const hostNameRegexPattern = `^${mqtt ? mqttSchemeRegexPattern : ""}([a-zA-Z0-9])?(([a-zA-Z0-9_]|[a-zA-Z0-9_][a-zA-Z0-9\\-_]*[a-zA-Z0-9_])\\.)*([A-Za-z0-9_]|[A-Za-z0-9_][A-Za-z0-9\\-_]*[A-Za-z0-9_])(\\.)?$`; - - return `${ipRegexPattern}|${hostNameRegexPattern}`; -} - /** * Get the tag color options * Shared between components