spiderfoot: Move sanitiseInput() from sflib to SpiderFootHelpers (smi…

…callef#1374)

modules/sfp_tool_cmseek.py

@@ -16,7 +16,7 @@
 import os.path
 from subprocess import PIPE, Popen
 
-from spiderfoot import SpiderFootEvent, SpiderFootPlugin
+from spiderfoot import SpiderFootEvent, SpiderFootPlugin, SpiderFootHelpers
 
 
 class sfp_tool_cmseek(SpiderFootPlugin):
@@ -109,7 +109,7 @@ def handleEvent(self, event):
             return
 
         # Sanitize domain name.
-        if not self.sf.sanitiseInput(eventData):
+        if not SpiderFootHelpers.sanitiseInput(eventData):
             self.sf.error("Invalid input, refusing to run.")
             return
 

modules/sfp_tool_dnstwist.py

@@ -16,7 +16,7 @@
 from shutil import which
 from subprocess import PIPE, Popen
 
-from spiderfoot import SpiderFootEvent, SpiderFootPlugin
+from spiderfoot import SpiderFootEvent, SpiderFootPlugin, SpiderFootHelpers
 
 
 class sfp_tool_dnstwist(SpiderFootPlugin):
@@ -115,7 +115,7 @@ def handleEvent(self, event):
             cmd = [self.opts['pythonpath'], exe]
 
         # Sanitize domain name.
-        if not self.sf.sanitiseInput(eventData):
+        if not SpiderFootHelpers.sanitiseInput(eventData):
             self.sf.error("Invalid input, refusing to run.")
             return
 

modules/sfp_tool_wafw00f.py

@@ -15,7 +15,7 @@
 import os.path
 from subprocess import PIPE, Popen
 
-from spiderfoot import SpiderFootEvent, SpiderFootPlugin
+from spiderfoot import SpiderFootEvent, SpiderFootPlugin, SpiderFootHelpers
 
 
 class sfp_tool_wafw00f(SpiderFootPlugin):
@@ -93,7 +93,7 @@ def handleEvent(self, event):
 
         url = eventData
 
-        if not self.sf.sanitiseInput(url):
+        if not SpiderFootHelpers.sanitiseInput(url):
             self.sf.error("Invalid input, refusing to run.")
             return
 

modules/sfp_tool_whatweb.py

@@ -15,7 +15,7 @@
 import os.path
 from subprocess import PIPE, Popen
 
-from spiderfoot import SpiderFootEvent, SpiderFootPlugin
+from spiderfoot import SpiderFootEvent, SpiderFootPlugin, SpiderFootHelpers
 
 
 class sfp_tool_whatweb(SpiderFootPlugin):
@@ -102,7 +102,7 @@ def handleEvent(self, event):
             return
 
         # Sanitize domain name.
-        if not self.sf.sanitiseInput(eventData):
+        if not SpiderFootHelpers.sanitiseInput(eventData):
             self.sf.error("Invalid input, refusing to run.")
             return
 

setup.cfg

@@ -5,7 +5,7 @@ docstring-convention = google
 ignore-decorators = property
 select = C,E,F,W,B,B9,DAR,DUO,R,A,S,Q0,SIM,SFS
 # Note: ANN and SIM tests should be reviewed and fixed instead of ignored
-ignore = E501 W503 B006 E800 B950 SFS301 SF01 Q000 SIM102 SIM113 SIM115 I D ANN
+ignore = E501 W503 B006 E800 B950 SFS301 SF01 Q000 SIM102 SIM111 SIM113 SIM115 I D ANN
 # Note: most of these should be fixed instead of ignored
 per-file-ignores =
     spiderfoot/event.py:A

sflib.py

@@ -1009,33 +1009,6 @@ def validPhoneNumber(self, phone: str) -> bool:
         except Exception:
             return False
 
-    def sanitiseInput(self, cmd: str) -> bool:
-        """Verify input command is safe to execute
-
-        Args:
-            cmd (str): The command to check
-
-        Returns:
-            bool: command is "safe"
-        """
-        chars = ['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm',
-                 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
-                 '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '-', '.']
-        for c in cmd:
-            if c.lower() not in chars:
-                return False
-
-        if '..' in cmd:
-            return False
-
-        if cmd.startswith("-"):
-            return False
-
-        if len(cmd) < 3:
-            return False
-
-        return True
-
     def dictwords(self) -> list:
         """Return dictionary words and/or names from several language dictionaries.
 

spiderfoot/helpers.py

@@ -401,3 +401,31 @@ def parseRobotsTxt(robotsTxtData: str) -> list:
                     returnArr.append(m.group(1))
 
         return returnArr
+
+    @staticmethod
+    def sanitiseInput(cmd: str) -> bool:
+        """Verify input command is safe to execute
+
+        Args:
+            cmd (str): The command to check
+
+        Returns:
+            bool: command is "safe"
+        """
+        chars = ['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm',
+                 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
+                 '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '-', '.']
+        for c in cmd:
+            if c.lower() not in chars:
+                return False
+
+        if '..' in cmd:
+            return False
+
+        if cmd.startswith("-"):
+            return False
+
+        if len(cmd) < 3:
+            return False
+
+        return True

test/unit/test_spiderfoot.py

@@ -723,36 +723,6 @@ def test_normalize_dns_should_return_list(self):
                 dns = sf.normalizeDNS(invalid_type)
                 self.assertIsInstance(dns, list)
 
-    def test_sanitise_input(self):
-        """
-        Test sanitiseInput(self, cmd)
-        """
-        sf = SpiderFoot(dict())
-
-        safe = sf.sanitiseInput("example-string")
-        self.assertIsInstance(safe, bool)
-        self.assertTrue(safe)
-
-        safe = sf.sanitiseInput("example-string\n")
-        self.assertIsInstance(safe, bool)
-        self.assertFalse(safe)
-
-        safe = sf.sanitiseInput("example string")
-        self.assertIsInstance(safe, bool)
-        self.assertFalse(safe)
-
-        safe = sf.sanitiseInput("-example-string")
-        self.assertIsInstance(safe, bool)
-        self.assertFalse(safe)
-
-        safe = sf.sanitiseInput("..example-string")
-        self.assertIsInstance(safe, bool)
-        self.assertFalse(safe)
-
-        safe = sf.sanitiseInput("12")
-        self.assertIsInstance(safe, bool)
-        self.assertFalse(safe)
-
     def test_dictwords_should_return_a_list(self):
         """
         Test dictwords(self)

test/unit/test_spiderfoothelpers.py

@@ -193,3 +193,31 @@ def test_parse_robots_txt_should_return_list(self):
         robots_txt = SpiderFootHelpers.parseRobotsTxt("disallow: /disallowed/path\n")
         self.assertIsInstance(robots_txt, list)
         self.assertIn("/disallowed/path", robots_txt)
+
+    def test_sanitise_input(self):
+        """
+        Test sanitiseInput(self, cmd)
+        """
+        safe = SpiderFootHelpers.sanitiseInput("example-string")
+        self.assertIsInstance(safe, bool)
+        self.assertTrue(safe)
+
+        safe = SpiderFootHelpers.sanitiseInput("example-string\n")
+        self.assertIsInstance(safe, bool)
+        self.assertFalse(safe)
+
+        safe = SpiderFootHelpers.sanitiseInput("example string")
+        self.assertIsInstance(safe, bool)
+        self.assertFalse(safe)
+
+        safe = SpiderFootHelpers.sanitiseInput("-example-string")
+        self.assertIsInstance(safe, bool)
+        self.assertFalse(safe)
+
+        safe = SpiderFootHelpers.sanitiseInput("..example-string")
+        self.assertIsInstance(safe, bool)
+        self.assertFalse(safe)
+
+        safe = SpiderFootHelpers.sanitiseInput("12")
+        self.assertIsInstance(safe, bool)
+        self.assertFalse(safe)