1
0
Fork 0
forked from svrjs/svrjs

Mitigated security vulnerability: SVR.JS mods and server-side JavaScript using req.url could be vulnerable to path traversal.

This commit is contained in:
Dorian Niemiec 2023-09-06 19:22:03 +02:00
parent dc23125ce4
commit 08816fe4f3
3 changed files with 13 additions and 5 deletions

View file

@ -1 +0,0 @@
{path}

View file

@ -1,9 +1,9 @@
{
"users": [],
"port": 80,
"port": 5555,
"pubport": 80,
"page404": "404.html",
"timestamp": 1693865100955,
"timestamp": 1694020816055,
"blacklist": [],
"nonStandardCodes": [],
"enableCompression": true,

9
svr.js
View file

@ -4043,6 +4043,7 @@ if (!cluster.isPrimary) {
// Sanitize URL
var sanitizedHref = sanitizeURL(href);
var preparedReqUrl = uobject.pathname + (uobject.search ? uobject.search : "") + (uobject.hash ? uobject.hash : "");
// Check if URL is "dirty"
if (href != sanitizedHref && !isProxy) {
@ -4076,6 +4077,14 @@ if (!cluster.isPrimary) {
redirect(sanitizedURL, false);
return;
}
} else if(req.url != preparedReqUrl && !isProxy) {
serverconsole.resmessage("URL sanitized: " + req.url + " => " + preparedReqUrl);
if(rewriteDirtyURLs) {
req.url = preparedReqUrl;
} else {
redirect(preparedReqUrl, false);
return;
}
}
// Handle redirects to HTTPS