From 769e2564059b3bb63847cea7916e84d7ec144dce Mon Sep 17 00:00:00 2001 From: Yarmo Mackenbach Date: Thu, 2 Mar 2023 09:38:01 +0100 Subject: [PATCH] fix: Fix fingerprint sanitization --- src/server/keys.js | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/src/server/keys.js b/src/server/keys.js index 8185c6b..793e1b4 100644 --- a/src/server/keys.js +++ b/src/server/keys.js @@ -124,22 +124,20 @@ const fetchHKP = (id, keyserverDomain) => { keyserverDomain = keyserverDomain || 'keys.openpgp.org' let query = '' - let sanitizedId = ''; if (id.includes('@')) { query = id } else { - const whitespaceRegex = /\s/g; + let sanitizedId = id + const whitespaceRegex = /\s/g if (whitespaceRegex.test(id)) { - sanitizedId = id.replaceAll(whitespaceRegex, ''); - } else { - sanitizedId = id; + sanitizedId = id.replaceAll(whitespaceRegex, '') } query = `0x${sanitizedId}` } output.fetchURL = `https://${keyserverDomain}/pks/lookup?op=get&options=mr&search=${query}` - const hash = createHash('md5').update(`${sanitizedId}__${keyserverDomain}`).digest('hex') + const hash = createHash('md5').update(`${query}__${keyserverDomain}`).digest('hex') if (c && await c.get(hash)) { output.publicKey = await readKey({ @@ -147,7 +145,7 @@ const fetchHKP = (id, keyserverDomain) => { }) } else { try { - output.publicKey = await doipjs.keys.fetchHKP(sanitizedId, keyserverDomain) + output.publicKey = await doipjs.keys.fetchHKP(query, keyserverDomain) } catch (error) { reject(new Error('No public keys could be fetched using HKP')) }