Added a security check on all the inbound parameters to avoid command…

… injection

Better error handling

README.md

@@ -11,13 +11,14 @@ Based on the original repository: https://github.com/bencorn/traceroute
 * Added a sidebar with the hops information
 * Introduced the Unit Tests (Code coverage: > 80%)
 * Many interface improvements
+* Added a security check on all the inbound parameters to avoid command injection
 
 ### Running in Docker
 You can use the following image to run Visual Trace Route locally:
-michele73/traceroute:1.1.1
+michele73/traceroute:1.1.2
 
 Example:
-docker run -d -p 8081:80 --name=traceroute --restart=always -v traecroute_logs:/app/logs michele73/traceroute:1.1.1
+docker run -d -p 8081:80 --name=traceroute --restart=always -v traecroute_logs:/app/logs michele73/traceroute:1.1.2
 
 ### Live Demo
 You can view a live demo of the Trace Route application here: https://traceroute.di-maria.it/

TraceRoute/Controllers/APIController.cs

@@ -38,7 +38,7 @@ public async Task<TraceResultViewModel> TraceRoute(string destination)
             try
             {
                 _logger.LogInformation("Requested Trace to: {0}", destination);
-
+                destination = destination.Replace(";", "").Replace("&&", "").Replace("||", "").Replace(" ", "");    //makes the request secure
                 string trace = "traceroute -n -m 30 -w1 -I -q 1 " + destination;
                 var traceResult = await trace.Bash();
                 _logger.LogDebug("Bash result: {0}", traceResult);

TraceRoute/wwwroot/js/traceRouteController.js

@@ -22,6 +22,7 @@
                 return;
             }
             vm.isTracing = true;
+            vm.HostList = [];
             clearMarkersAndPaths();
             $http.get("api/trace/" + vm.Hostname)
                 .then(