From eb125802bc1d8b47b607392802a4d6b7cbb07be2 Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]"
 <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Sat, 21 Mar 2026 02:05:21 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=9B=A1=EF=B8=8F=20Sentinel:=20[security?=
 =?UTF-8?q?=20improvement]=20Add=20input=20length=20limit=20to=20prevent?=
 =?UTF-8?q?=20resource=20exhaustion=20(DoS)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Added input string length validation in `is_reachable` function to
mitigate potential resource exhaustion (DoS). The `ipaddress` module can
experience significant CPU spikes parsing excessively large string inputs.
By rejecting abnormally long strings upfront, we ensure smooth application
performance.

Also added the corresponding unit test: `test_is_reachable_ip_too_long`

Co-authored-by: ManupaKDU <95234271+ManupaKDU@users.noreply.github.com>
---
 test_testping1.py | 8 ++++++++
 testping1.py      | 6 ++++++
 2 files changed, 14 insertions(+)

diff --git a/test_testping1.py b/test_testping1.py
index cc3f6a8..d6c0f73 100644
--- a/test_testping1.py
+++ b/test_testping1.py
@@ -27,6 +27,14 @@ def test_is_reachable_invalid_ip_format(self, mock_call):
         self.assertFalse(is_reachable('invalid_ip'))
         mock_call.assert_not_called()
 
+    @patch('testping1.subprocess.call')
+    def test_is_reachable_ip_too_long(self, mock_call):
+        """Test is_reachable rejects overly long IP strings to prevent DoS."""
+        with self.assertLogs(level='ERROR') as log:
+            self.assertFalse(is_reachable('A' * 101))
+            self.assertIn("IP address string too long", log.output[0])
+            mock_call.assert_not_called()
+
     @patch('testping1.subprocess.call')
     def test_is_reachable_argument_injection(self, mock_call):
         """Test is_reachable prevents argument injection by rejecting invalid IPs."""
diff --git a/testping1.py b/testping1.py
index 16af1e0..1c81739 100644
--- a/testping1.py
+++ b/testping1.py
@@ -15,6 +15,12 @@ def is_reachable(ip, timeout=1):
         bool: True if the ping is successful, False otherwise.
     """
 
+    # 🛡️ Sentinel: Add input length limit to prevent resource exhaustion (DoS)
+    # The ipaddress module can take significant time to parse extremely long strings
+    if isinstance(ip, str) and len(ip) > 100:
+        logging.error("IP address string too long")
+        return False
+
     # 🛡️ Sentinel: Validate IP address to prevent argument injection
     try:
         ip_obj = ipaddress.ip_address(ip)