Improve fetcher input validation

Yarmo Mackenbach 2021-04-15 19:07:56 +02:00
parent 8e1ac82fde
commit 91a3ed1e96
No known key found for this signature in database
GPG key ID: 37367F4AF4087AD1
6 changed files with 36 additions and 24 deletions


@ -27,14 +27,7 @@ module.exports = async (data, opts) => {
const fetchPromise = new Promise(async (resolve, reject) => {
const urlUser = `https://${data.domain}/api/v4/users?username=${data.username}`
let resUser
try {
resUser = await req(urlUser, null, { Accept: 'application/json' })
} catch (e) {
resUser = await req(utils.generateProxyURL('web', urlUser, opts), null, {
Accept: 'application/json',
})
}
const resUser = await req(urlUser, null, { Accept: 'application/json' })
const jsonUser = await resUser.json()
const user = jsonUser.find((user) => user.username === match[2])
@ -43,16 +36,7 @@ module.exports = async (data, opts) => {
}
const urlProject = `https://${data.domain}/api/v4/users/${user.id}/projects`
let resProject
try {
resProject = await req(urlProject, null, { Accept: 'application/json' })
} catch (e) {
resProject = await req(
utils.generateProxyURL('web', urlProject, opts),
null,
{ Accept: 'application/json' }
)
}
const resProject = await req(urlProject, null, { Accept: 'application/json' })
const jsonProject = await resProject.json()
const project = jsonProject.find((proj) => proj.path === 'gitlab_proof')
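Review bot: `data.domain` and `data.username` are still interpolated into `urlUser` (and `data.domain` into `urlProject`) with no check or encoding, so this fetcher gets none of the validation the commit adds elsewhere. A value containing `/`, `?`, `#` or `&` changes the host, path or query that is actually requested; check the host with `validator.isFQDN(data.domain)` and reject on `false`, and build the query with `encodeURIComponent(data.username)`. `validator` is not visibly required in this file, so that import may be needed as well. Separately, with the try/catch removed a rejected `req` now throws inside the `async` executor, which would leave `fetchPromise` unsettled unless code outside the hunk catches it. The function body starts and ends outside the hunk.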


@ -15,6 +15,7 @@ limitations under the License.
*/
const bent = require('bent')
const req = bent('GET')
const E = require('../enums')
module.exports = async (data, opts) => {
let timeoutHandle
@ -31,11 +32,11 @@ module.exports = async (data, opts) => {
return
}
switch (format) {
case 'json':
switch (data.format) {
case E.ProofFormat.JSON:
req(data.url, null, {
Accept: 'application/json',
'User-Agent': `doipjs/${require('../package.json').version}`,
'User-Agent': `doipjs/${require('../../package.json').version}`,
})
.then(async (res) => {
return await res.json()
@ -47,7 +48,7 @@ module.exports = async (data, opts) => {
reject(e)
})
break
case 'text':
case E.ProofFormat.TEXT:
req(data.url)
.then(async (res) => {
return await res.text()
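Review bot: `data.url` is handed to `req` in both the `E.ProofFormat.JSON` and `E.ProofFormat.TEXT` branches without any check on scheme or host, which matters when this fetcher runs server-side on caller-supplied URLs. A guard before the `switch`, for example `if (!validator.isURL(data.url, { protocols: ['https'], require_protocol: true })) { reject(new Error('Invalid proof URL')); return }`, would bring it in line with the commit's intent; `validator` would have to be required in this file. A syntactic check does not stop a hostname that resolves to an internal address, so a deployment that serves these requests for others still needs egress filtering. The `switch` continues outside the hunk, so whether an unknown `data.format` is rejected by a `default` branch cannot be seen here.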


@ -25,6 +25,12 @@ module.exports = async (data, opts) => {
})
const fetchPromise = new Promise((resolve, reject) => {
try {
validator.isAscii(opts.claims.irc.nick)
} catch (err) {
throw new Error(`IRC fetcher was not set up properly (${err.message})`)
}
try {
const client = new irc.Client(data.domain, opts.nick, {
port: 6697,
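Review bot: `validator.isAscii` returns a boolean and only throws when its argument is not a string, so the new `try` block lets a non-ASCII nick through and catches nothing but a missing value. Test the result inside the `try`, e.g. `if (!validator.isAscii(opts.claims.irc.nick)) throw new Error('nick must be ASCII')`; the same applies to the `isFQDN`/`isAscii` calls added in the Matrix, Twitter and XMPP fetchers. The value checked here is `opts.claims.irc.nick`, while the following line still passes `opts.nick` to `irc.Client`, so the validated value is not the one used (the XMPP section shows the same mismatch with `opts.service`). No `require('validator')` is visible in this section; confirm it exists outside the hunk.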


@ -15,6 +15,7 @@ limitations under the License.
*/
const bent = require('bent')
const bentReq = bent('GET')
const validator = require('validator')
module.exports = async (data, opts) => {
let timeoutHandle
@ -25,9 +26,15 @@ module.exports = async (data, opts) => {
)
})
const url = `https://${opts.instance}/_matrix/client/r0/rooms/${data.roomId}/event/${data.eventId}?access_token=${opts.accessToken}`
const fetchPromise = new Promise((resolve, reject) => {
try {
validator.isFQDN(opts.claims.matrix.instance)
validator.isAscii(opts.claims.matrix.accessToken)
} catch (err) {
throw new Error(`Matrix fetcher was not set up properly (${err.message})`)
}
const url = `https://${opts.claims.matrix.instance}/_matrix/client/r0/rooms/${data.roomId}/event/${data.eventId}?access_token=${opts.claims.matrix.accessToken}`
bentReq(url, null, {
Accept: 'application/json',
})
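Review bot: The access token is still placed in the query string of `url`, where it ends up in server access logs and in any proxy that records the request line. The Matrix client-server API also accepts the token as a header, so adding `Authorization: 'Bearer ' + opts.claims.matrix.accessToken` next to `Accept` and dropping `?access_token=` keeps it out of the URL. `data.roomId` and `data.eventId` are interpolated into the path unchecked; wrapping each in `encodeURIComponent(...)` keeps a malformed identifier from altering the path or query. The `bentReq` call continues outside the hunk.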


@ -26,6 +26,12 @@ module.exports = async (data, opts) => {
})
const fetchPromise = new Promise((resolve, reject) => {
try {
validator.isAscii(opts.claims.twitter.bearerToken)
} catch (err) {
throw new Error(`Twitter fetcher was not set up properly (${err.message})`)
}
bentReq(
`https://api.twitter.com/1.1/statuses/show.json?id=${data.tweetId}&tweet_mode=extended`,
null,
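Review bot: `data.tweetId` goes into the request URL unchecked, so a value containing `&` or `#` can add or truncate query parameters on the call that carries the bearer token. Tweet ids are decimal strings, so a check such as `if (!validator.isNumeric(String(data.tweetId))) throw new Error('Invalid tweet id')` before `bentReq` is enough. The `bentReq` call continues outside the hunk, so how `opts.claims.twitter.bearerToken` is sent cannot be confirmed from here.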


@ -52,6 +52,14 @@ module.exports = async (data, opts) => {
})
const fetchPromise = new Promise(async (resolve, reject) => {
try {
validator.isFQDN(opts.claims.xmpp.service)
validator.isAscii(opts.claims.xmpp.username)
validator.isAscii(opts.claims.xmpp.password)
} catch (err) {
throw new Error(`XMPP fetcher was not set up properly (${err.message})`)
}
if (!xmpp) {
const xmppStartRes = await xmppStart(
opts.service,