Fix crash when req.query handling

https://expressjs.com/en/5x/api.html#req.query

"As req.query’s shape is based on user-controlled input, all properties and values in this object
are untrusted and should be validated before trusting"

In essence, req.query.xx can be a string OR an array of strings.
Girish Ramakrishnan
2025-07-13 13:14:32 +02:00
parent dc7f5e3dbc
commit 04de621e37
14 changed files with 66 additions and 60 deletions


@@ -60,13 +60,13 @@ async function getMemory(req, res, next) {
async function getLogs(req, res, next) {
assert.strictEqual(typeof req.params.unit, 'string');
const lines = 'lines' in req.query ? parseInt(req.query.lines, 10) : 10; // we ignore last-event-id
const lines = typeof req.query.lines === 'string' ? parseInt(req.query.lines, 10) : 10; // we ignore last-event-id
if (isNaN(lines)) return next(new HttpError(400, 'lines must be a number'));
const options = {
lines: lines,
follow: false,
format: req.query.format || 'json'
format: typeof req.query.format === 'string' ? req.query.format : 'json'
};
const [error, logStream] = await safe(system.getLogs(req.params.unit, options));
@@ -85,7 +85,7 @@ async function getLogs(req, res, next) {
async function getLogStream(req, res, next) {
assert.strictEqual(typeof req.params.unit, 'string');
const lines = 'lines' in req.query ? parseInt(req.query.lines, 10) : 10; // we ignore last-event-id
const lines = typeof req.query.lines === 'string' ? parseInt(req.query.lines, 10) : 10; // we ignore last-event-id
if (isNaN(lines)) return next(new HttpError(400, 'lines must be a valid number'));
function sse(id, data) { return 'id: ' + id + '\ndata: ' + data + '\n\n'; }
@@ -95,7 +95,7 @@ async function getLogStream(req, res, next) {
const options = {
lines: lines,
follow: true,
format: req.query.format || 'json'
format: typeof req.query.format === 'string' ? req.query.format : 'json'
};
const [error, logStream] = await safe(system.getLogs(req.params.unit, options));
@@ -119,12 +119,12 @@ async function getLogStream(req, res, next) {
}
async function getMetrics(req, res, next) {
if (!req.query.fromSecs || !parseInt(req.query.fromSecs, 10)) return next(new HttpError(400, 'fromSecs must be a number'));
if (!req.query.intervalSecs || !parseInt(req.query.intervalSecs, 10)) return next(new HttpError(400, 'intervalSecs must be a number'));
if (typeof req.query.fromSecs !== 'string' || !parseInt(req.query.fromSecs, 10)) return next(new HttpError(400, 'fromSecs must be a number'));
if (typeof req.query.intervalSecs !== 'string' || !parseInt(req.query.intervalSecs, 10)) return next(new HttpError(400, 'intervalSecs must be a number'));
const fromSecs = parseInt(req.query.fromSecs, 10);
const intervalSecs = parseInt(req.query.intervalSecs, 10);
const noNullPoints = !!req.query.noNullPoints;
const noNullPoints = typeof req.query.noNullPoints === 'string' ? (req.query.noNullPoints === '1' || req.query.noNullPoints === 'true') : false;
const system = req.query.system === 'true';
const appIds = 'appId' in req.query ? (Array.isArray(req.query.appId) ? req.query.appId : [ req.query.appId ]) : [];
const serviceIds = 'serviceId' in req.query ? (Array.isArray(req.query.serviceId) ? req.query.serviceId : [ req.query.serviceId ]) : [];
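Review bot: In getMetrics, the `appId` and `serviceId` lines at the end of the hunk still take whatever shape the query parser produced: a non-array value is wrapped as-is and array elements are never type-checked. If the app uses a query parser that builds nested values, an object could reach whatever consumes `appIds`/`serviceIds`, which is the same class of input this commit guards against elsewhere. A guard after the two declarations would close it, for example `if (![...appIds, ...serviceIds].every((id) => typeof id === 'string')) return next(new HttpError(400, 'appId and serviceId must be strings'));`. Separately, `parseInt` accepts negative values and trailing garbage (`'10abc'` parses as 10), and `lines` in getLogs and getLogStream has no upper bound, so a range check before the value is passed to `system.getLogs` would be worth adding. The body of getMetrics continues outside the hunk, so a later check may already exist.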