From ef2700e97970590b4e5e975c147dde4b7cde7320 Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]"
 <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Wed, 3 Jun 2026 02:16:23 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=9B=A1=EF=B8=8F=20Sentinel:=20Add=20DoS?=
 =?UTF-8?q?=20protections=20to=20script=20main=20entry=20point?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This patch addresses a resource exhaustion Denial of Service (DoS) vulnerability in the testping1.py `__main__` entry point. The input lengths for `start_ip` and `end_ip` are now bounded, preventing maliciously long strings or massive integers from freezing execution or consuming excess CPU when parsed by `ipaddress.ip_address()`. Additionally, it properly catches `RecursionError` during this parsing to prevent thread pool exhaustion and crashes on recursively embedded inputs.

Co-authored-by: ManupaKDU <95234271+ManupaKDU@users.noreply.github.com>
---
 testping1.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/testping1.py b/testping1.py
index 4566891..8cee092 100644
--- a/testping1.py
+++ b/testping1.py
@@ -243,6 +243,15 @@ def is_reachable(ip, timeout=1):
     # Ensure start_ip and end_ip are valid IP addresses, are in the correct order,
     # and limit the maximum scan range to prevent resource exhaustion.
     try:
+        if type(start_ip) is int and (start_ip < 0 or start_ip > (2**128 - 1)):
+            raise ValueError("start_ip integer out of range")
+        if type(end_ip) is int and (end_ip < 0 or end_ip > (2**128 - 1)):
+            raise ValueError("end_ip integer out of range")
+        if isinstance(start_ip, (str, bytes)) and len(start_ip) > 100:
+            raise ValueError("start_ip input too long")
+        if isinstance(end_ip, (str, bytes)) and len(end_ip) > 100:
+            raise ValueError("end_ip input too long")
+
         start_obj = ipaddress.ip_address(start_ip)
         end_obj = ipaddress.ip_address(end_ip)
 
@@ -260,7 +269,7 @@ def is_reachable(ip, timeout=1):
         if total_ips > 256:
             raise ValueError(f"Scan range too large ({total_ips} IPs). Maximum 256 IPs allowed per scan.")
 
-    except (ValueError, TypeError) as e:
+    except (ValueError, TypeError, RecursionError) as e:
         logging.error(f"Invalid scan range configuration: {e}")
         exit(1)