From 50c6b406e62c11677cb512425850c84d6fd47546 Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]"
 <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Fri, 27 Mar 2026 02:11:32 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=9B=A1=EF=B8=8F=20Sentinel:=20[CRITICAL]?=
 =?UTF-8?q?=20Fix=20unhandled=20TypeError=20for=20arbitrary=20IP=20inputs?=
 =?UTF-8?q?=20(DoS)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: ManupaKDU <95234271+ManupaKDU@users.noreply.github.com>
---
 test_testping1.py | 10 ++++++++++
 testping1.py      |  5 ++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/test_testping1.py b/test_testping1.py
index 9af957a..33424a8 100644
--- a/test_testping1.py
+++ b/test_testping1.py
@@ -35,6 +35,16 @@ def test_is_reachable_ip_too_long(self, mock_call):
             self.assertIn("IP address string too long", log.output[0])
             mock_call.assert_not_called()
 
+    @patch('testping1.subprocess.call')
+    def test_is_reachable_type_error(self, mock_call):
+        """Test is_reachable gracefully handles inputs that raise TypeError."""
+        invalid_ips = [None, [], {}, ()]
+        for invalid_ip in invalid_ips:
+            with self.assertLogs(level='ERROR') as log:
+                self.assertFalse(is_reachable(invalid_ip))
+                self.assertIn(f"Invalid IP address format: {repr(invalid_ip)}", log.output[0])
+                mock_call.assert_not_called()
+
     @patch('testping1.subprocess.call')
     def test_is_reachable_argument_injection(self, mock_call):
         """Test is_reachable prevents argument injection by rejecting invalid IPs."""
diff --git a/testping1.py b/testping1.py
index 1917f4b..b64f065 100644
--- a/testping1.py
+++ b/testping1.py
@@ -29,9 +29,12 @@ def is_reachable(ip, timeout=1):
         return False
 
     # 🛡️ Sentinel: Validate IP address to prevent argument injection
+    # Catch TypeError alongside ValueError as ipaddress.ip_address()
+    # raises TypeError when passed None or non-string/int objects,
+    # which can crash the worker thread pool (DoS) if unhandled.
     try:
         ip_obj = ipaddress.ip_address(ip)
-    except ValueError:
+    except (ValueError, TypeError):
         # 🛡️ Sentinel: Sanitize log input to prevent CRLF/Log Injection
         logging.error(f"Invalid IP address format: {repr(ip)}")
         return False