DorianNiemiecSVRJS/svrjs
Archived
1
0
Fork 0
forked from svrjs/svrjs
Code Pull requests Activity

Mitigated security vulnerability: SVR.JS mods and server-side JavaScript using req.url could be vulnerable to path traversal.

Browse source
This commit is contained in:
Dorian Niemiec 2023-09-06 19:22:03 +02:00
parent dc23125ce4
commit 08816fe4f3
3 changed files with 13 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
404.html
View file

@ -1 +0,0 @@
{path}

6
config.json
View file

@ -1,9 +1,9 @@
{ {
"users": [], "users": [],
"port": 80, "port": 5555,
"pubport": 80, "pubport": 80,
"page404": "404.html", "page404": "404.html",
"timestamp": 1693865100955, "timestamp": 1694020816055,
"blacklist": [], "blacklist": [],
"nonStandardCodes": [], "nonStandardCodes": [],
"enableCompression": true, "enableCompression": true,
@ -102,4 +102,4 @@
"errorPages": [], "errorPages": [],
"useWebRootServerSideScript": true, "useWebRootServerSideScript": true,
"exposeModsInErrorPages": true "exposeModsInErrorPages": true
} }

11
svr.js
View file

@ -4043,7 +4043,8 @@ if (!cluster.isPrimary) {
// Sanitize URL // Sanitize URL
var sanitizedHref = sanitizeURL(href); var sanitizedHref = sanitizeURL(href);
var preparedReqUrl = uobject.pathname + (uobject.search ? uobject.search : "") + (uobject.hash ? uobject.hash : "");
// Check if URL is "dirty" // Check if URL is "dirty"
if (href != sanitizedHref && !isProxy) { if (href != sanitizedHref && !isProxy) {
var sanitizedURL = uobject; var sanitizedURL = uobject;
@ -4076,6 +4077,14 @@ if (!cluster.isPrimary) {
redirect(sanitizedURL, false); redirect(sanitizedURL, false);
return; return;
} }
} else if(req.url != preparedReqUrl && !isProxy) {
serverconsole.resmessage("URL sanitized: " + req.url + " => " + preparedReqUrl);
if(rewriteDirtyURLs) {
req.url = preparedReqUrl;
} else {
redirect(preparedReqUrl, false);
return;
}
} }
// Handle redirects to HTTPS // Handle redirects to HTTPS