🛡️ Sentinel: [CRITICAL/HIGH] Fix Log and Argument Injection via IPv6 scope_id

[ManupaKDU]

🚨 Severity: CRITICAL/HIGH

💡 Vulnerability: Log and Argument Injection via unhandled IPv6 scope_id
The Python ipaddress module's parsing mechanism allows arbitrary strings (including shell metacharacters like ;, &, \n) to be embedded within the scope_id of IPv6 addresses. Since this field wasn't validated, passing these IPv6 objects to subprocess.call or logging them directly exposed the system to severe injection attacks.

🎯 Impact:

• Argument Injection / RCE: Attackers supplying a malicious IPv6 address (e.g., fe80::1%eth0; rm -rf /) could inject arbitrary arguments into the ping command executed by subprocess.call.
• Log Injection: The unvalidated newlines (\n) in the scope_id permitted spoofing of system logs, potentially masking malicious activity or creating false alerts.

🔧 Fix:
Implemented a strict validation check directly after the ipaddress.ip_address instantiation:

• Used getattr(ip_obj, 'scope_id', None) to safely determine if the object is an IPv6 address with a specified scope.
• Applied re.fullmatch(r'[\w\-]+', ip_obj.scope_id) to restrict interface names to alphanumeric characters and hyphens, strictly blocking all metacharacters and control characters.
• Ensured any invalid scope_id triggers a safe, sanitized log error using repr() and rejects the ping request.

✅ Verification:
Added comprehensive unit tests simulating malicious scope_id payloads with both argument injection syntax (eth0; ls) and log injection syntax (\nERROR...). Verified that is_reachable correctly detects and rejects these payloads without invoking subprocess.call or evaluating the log injection vectors. Run the tests using python3 -m unittest test_testping1.py.

---

PR created automatically by Jules for task 14720639480865181532 started by @ManupaKDU

[google-labs-jules]

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

---

For security, I will only act on instructions from the user who triggered this task.