Improve note about port name restrictions

greenbone · Apr 15, 2020 · 5ce9e79 · 5ce9e79
1 parent 917206a
commit 5ce9e79
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/src/manage_sql.c b/src/manage_sql.c
@@ -31040,8 +31040,13 @@ validate_results_port (const char *port)
 
   /* "cpe:abc", "general/tcp", "20/udp"
    *
-   * The , and ; is to stop users from entering lists of ports.
-   * CPE doesn't use them because seems like they're valid in CPEs. */
+   * We keep the "general/tcp" case pretty open because it is not clearly
+   * restricted anywhere, and is already used with non-alphanumerics in
+   * "general/Host_Details".  We exclude whitespace, ',' and ';' to prevent
+   * users from entering lists of ports.
+   *
+   * Similary, the CPE case forbids whitespace, but allows ',' and ';' as
+   * these may occur in valid CPEs. */
   if (g_regex_match_simple
        ("^(cpe:[^\\s]+|general/[^\\s,;]+|[0-9]+/[[:alnum:]]+)$",
         port, 0, 0)