use builtins for sanitize
birm committed May 15, 2020
1 parent 6e28690 commit 4a3b91b
Showing 3 changed files with 12 additions and 18 deletions.
6 changes: 3 additions & 3 deletions caracal.js
Expand Up @@ -12,7 +12,7 @@ const iipHandler = require('./handlers/iipHandler.js');
const loaderHandler = require('./handlers/loaderHandler.js');
const permissionHandler = require('./handlers/permssionHandler.js');
const dataHandlers = require('./handlers/dataHandlers.js');
const sanitizeBody = require('./handlers/sanitizeHandler.js')
const sanitizeBody = require('./handlers/sanitizeHandler.js');
// TODO validation of data

var WORKERS = process.env.NUM_THREADS || 4;
Expand Down Expand Up @@ -59,7 +59,7 @@ app.use('/loader/', loaderHandler);
// data, mongo
app.use('/data', auth.loginHandler(auth.PUBKEY));
// sanitize
app.use("/data", sanitizeBody)
app.use("/data", sanitizeBody);
// slide
app.get('/data/Slide/find', dataHandlers.Slide.find);
app.get('/data/Slide/find', auth.filterHandler('data', 'userFilter', 'filter'));
Expand Down Expand Up @@ -170,7 +170,7 @@ app.use(function(err, req, res, next) {
// wrap strings in a json
if (typeof err === 'string' || err instanceof String) {
err = {'error': err};
console.error(err)
console.error(err);
} else {
console.error(err.error || err.message || err.toString());
}
2 changes: 1 addition & 1 deletion handlers/authHandlers.js
Expand Up @@ -71,7 +71,7 @@ if (DISABLE_SEC && !JWK_URL) {
} else {
console.error('need JWKS URL (JWK_URL)');
process.exit(1);
}
}

const getToken = function(req) {
if (req.headers.authorization &&
22 changes: 8 additions & 14 deletions handlers/sanitizeHandler.js
@@ -1,25 +1,19 @@
var ERR_ON_SANITIZE = (process.env.ERR_ON_SANITIZE === 'true') || false;


String.prototype.replaceAll = function(str1, str2, ignore)
{
return this.replace(new RegExp(str1.replace(/([\/\,\!\\\^\$\{\}\[\]\(\)\.\*\+\?\|\<\>\-\&])/g,"\\$&"),(ignore?"gi":"g")),(typeof(str2)=="string")?str2.replace(/\$/g,"$$$$"):str2);
}

function sanitizeBody(req, res, next){
function sanitizeBody(req, res, next) {
// handle req body edgecases
if (ERR_ON_SANITIZE){
if (req.body.indexOf("<") >=0 || req.body.indexOf(">") >=0){
if (ERR_ON_SANITIZE) {
if (req.body.indexOf("<") >=0 || req.body.indexOf(">") >=0) {
let e = {'statusCode': 400};
e.error = 'Characters < and > disallowed in body.';
next(e)
next(e);
} else {
next()
next();
}
} else {
req.body = req.body.replaceAll("<", "")
req.body = req.body.replaceAll(">", "")
next()
req.body = req.body.replace(/</g, "");
req.body = req.body.replace(/>/g, "");
next();
}
}
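Review bot: `sanitizeBody` still assumes `req.body` is a string, so the `indexOf` calls in the `ERR_ON_SANITIZE` branch and the `replace` calls in the else branch throw a TypeError whenever the body is absent or has already been parsed into an object — and caracal.js mounts this middleware on all of `/data`, including GET routes such as `/data/Slide/find` that carry no body. Whether an upstream body parser guarantees a string is not visible in this diff, so a type guard at the top of the function is the safe addition: `if (typeof req.body !== 'string') { return next(); }`. Stripping `<` and `>` in the default mode also silently alters the data that gets stored and is not a substitute for output encoding wherever that data is rendered, which is worth stating in a comment: `// Defense-in-depth only: strips angle brackets from a string body; callers must still encode on output.` Adding `return` before each `next(...)` would also keep the two branches from falling through if the function is extended later.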

