fix: sanitize password and cookie key

2021-06-07 14:46:59 -07:00
parent deaa2242ca
commit 3b50bfc17d
6 changed files with 30 additions and 6 deletions
--- a/src/node/http.ts
+++ b/src/node/http.ts
@ -7,7 +7,7 @@ import { normalize, Options } from "../common/util"
 import { AuthType, DefaultedArgs } from "./cli"
 import { commit, rootPath } from "./constants"
 import { Heart } from "./heart"
-import { getPasswordMethod, IsCookieValidArgs, isCookieValid } from "./util"
+import { getPasswordMethod, IsCookieValidArgs, isCookieValid, sanitizeString } from "./util"

 declare global {
  // eslint-disable-next-line @typescript-eslint/no-namespace
@ -72,7 +72,7 @@ export const authenticated = async (req: express.Request): Promise<boolean> => {
      const passwordMethod = getPasswordMethod(hashedPasswordFromArgs)
      const isCookieValidArgs: IsCookieValidArgs = {
        passwordMethod,
-        cookieKey: req.cookies.key as string,
+        cookieKey: sanitizeString(req.cookies.key),
        passwordFromArgs: req.args.password || "",
        hashedPasswordFromArgs: req.args["hashed-password"],
      }
--- a/src/node/routes/login.ts
+++ b/src/node/routes/login.ts
@ -4,7 +4,7 @@ import { RateLimiter as Limiter } from "limiter"
 import * as path from "path"
 import { rootPath } from "../constants"
 import { authenticated, getCookieDomain, redirect, replaceTemplates } from "../http"
-import { getPasswordMethod, handlePasswordValidation, humanPath } from "../util"
+import { getPasswordMethod, handlePasswordValidation, humanPath, sanitizeString } from "../util"

 export enum Cookie {
  Key = "key",
@ -61,7 +61,7 @@ router.get("/", async (req, res) => {
 })

 router.post("/", async (req, res) => {
-  const password = req.body.password
+  const password = sanitizeString(req.body.password)
  const hashedPasswordFromArgs = req.args["hashed-password"]

  try {
--- a/src/node/util.ts
+++ b/src/node/util.ts
@ -274,6 +274,17 @@ export async function isCookieValid(isCookieValidArgs: IsCookieValidArgs): Promi
  return isValid
 }

+/** Ensures that the input is sanitized by checking
+ * - it's a string
+ * - greater than 0 characters
+ * - trims whitespace
+ */
+export function sanitizeString(str: string): string {
+  // Very basic sanitization of string
+  // Credit: https://stackoverflow.com/a/46719000/3015595
+  return typeof str === "string" && str.trim().length > 0 ? str.trim() : ""
+}
+
 const mimeTypes: { [key: string]: string } = {
  ".aac": "audio/x-aac",
  ".avi": "video/x-msvideo",