Merged
4 changes: 4 additions & 0 deletions .jules/sentinel.md
Expand Up @@ -85,3 +85,7 @@
**Vulnerability:** Attackers could bypass SSRF IP blocklists using SIIT (Stateless IP/ICMP Translation, RFC 2765) addresses. The format `::ffff:0:a.b.c.d` (using the `::ffff:0:0:0/96` prefix) evaluates as `is_global = True` in Python's `ipaddress` module and is NOT caught by the `ipv4_mapped` property. If an attacker passes such an address, the OS networking stack might route it directly to the embedded IPv4 target, bypassing internal security restrictions.
**Learning:** Python's `ipaddress` module only natively extracts standard IPv4-mapped addresses (`::ffff:a.b.c.d`), failing to recognize or unwrap SIIT IPv4-translated addresses.
**Prevention:** Always manually unwrap SIIT addresses by checking if the high 96 bits of the IPv6 integer match the SIIT prefix (`ip_int >> 32 == 0xffff0000`). If so, extract the underlying 32-bit IPv4 address using bitwise operations (`ip_int & 0xFFFFFFFF`) and validate it against the SSRF blocklist.
## 2025-05-24 - Log Injection (CRLF) in Shared Exception Handlers
**Vulnerability:** A Log Injection (CRLF) vulnerability existed in a shared exception handler. While Python's `ipaddress` module natively escapes control characters in its `ValueError` exceptions using `!r` formatting, catching broad exceptions (e.g., `except (ValueError, TypeError, RecursionError):`) and logging the `e` object via f-string interpolation (`f"Error: {e}"`) is dangerous. If a future, unrelated `raise ValueError("malicious\ninput")` is added to the try block, the unescaped control characters would be evaluated by the logger, allowing log spoofing.
**Learning:** Shared, broad exception handlers that catch errors from multiple potential sources must assume that the exception payload is untrusted and un-sanitized. Relying on the safe formatting behavior of one specific underlying module (`ipaddress`) is insufficient defense-in-depth.
**Prevention:** Always sanitize exception messages caught in broad handlers before logging them by wrapping them in `repr(str(e))`. This ensures any embedded control characters (like `\n` or `\r`) are securely escaped, neutralizing log injection vectors.
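Review bot: The new Prevention line should also say what `repr(str(e))` does to the rest of the message, not only to `\r` and `\n`: it wraps the text in quotes and escapes backslashes and non-printable or non-ASCII characters, so any log consumer expecting the bare message will now see `'...'`. Worth adding to the entry that, since the Learning line is about *all* shared handlers, a central `logging.Formatter` or `logging.Filter` that strips control characters from every record covers handlers that nobody remembers to wrap, whereas the per-call `repr()` only protects the call sites that adopt it.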
4 changes: 3 additions & 1 deletion testping1.py
Expand Up @@ -275,7 +275,9 @@ def is_reachable(ip, timeout=1):
raise ValueError(f"Scan range too large ({total_ips} IPs). Maximum 256 IPs allowed per scan.")

except (ValueError, TypeError, RecursionError) as e:
logging.error(f"Invalid scan range configuration: {e}")
# πŸ›‘οΈ Sentinel: Prevent Log Injection (CRLF) in shared exception handlers.
# While ipaddress exceptions may be safe, broad handlers might catch un-sanitized exceptions.
logging.error(f"Invalid scan range configuration: {repr(str(e))}")
exit(1)

# ⚑ Bolt: Optimize sequential IP address generation
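Review bot: In the replacement line `logging.error(f"Invalid scan range configuration: {repr(str(e))}")`, prefer the logging module's own lazy formatting, `logging.error("Invalid scan range configuration: %r", str(e))`, which applies the same `repr()` escaping but lets handlers and filters see the raw argument and avoids building the string when the level is disabled. The comment on the line above it renders as `πŸ›‘οΈ` on this page, i.e. the UTF-8 bytes of the shield emoji decoded as a single-byte codepage; please confirm the file is saved as UTF-8 (or use plain text in the comment), since mis-encoded source is an easy way to break linters and editors. Unchanged context in the same hunk calls the builtin `exit(1)`, which depends on the `site` module; `sys.exit(1)` is the portable form.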