feat: discard the IP address that resolves from the SVR.JS domain configuration property
parent
da7beddc61
commit
5e9d175c40
1 changed files with 82 additions and 29 deletions
|
@ -2,6 +2,7 @@ disableEndElseCallbackExecute = true; //Without "var", else it will not work!!!
|
||||||
|
|
||||||
var mysql = require("mysql");
|
var mysql = require("mysql");
|
||||||
var gnuplot = require("gnuplot"); //There is an OS command injection vulnerability in the "gnuplot" npm package, but since the statistics display part of the application doesn't involve user input, the application isn't affected by it.
|
var gnuplot = require("gnuplot"); //There is an OS command injection vulnerability in the "gnuplot" npm package, but since the statistics display part of the application doesn't involve user input, the application isn't affected by it.
|
||||||
|
var dns = require("dns");
|
||||||
|
|
||||||
if (!customvar1 && !customvar2) {
|
if (!customvar1 && !customvar2) {
|
||||||
try {
|
try {
|
||||||
|
@ -296,6 +297,9 @@ if (href == "/") {
|
||||||
}));
|
}));
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
var requestIP = (req.socket.realRemoteAddress ? req.socket.realRemoteAddress : req.socket.remoteAddress).replace(/^::ffff:/i, "");
|
||||||
|
|
||||||
|
function finalCallback() {
|
||||||
connection.connect(function (err) {
|
connection.connect(function (err) {
|
||||||
if (err) {
|
if (err) {
|
||||||
serverconsole.errmessage("There was an error while processing the request!");
|
serverconsole.errmessage("There was an error while processing the request!");
|
||||||
|
@ -309,7 +313,6 @@ if (href == "/") {
|
||||||
if (connection.end) connection.end();
|
if (connection.end) connection.end();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
var requestIP = (req.socket.realRemoteAddress ? req.socket.realRemoteAddress : req.socket.remoteAddress).replace(/^::ffff:/i, "");
|
|
||||||
connection.query("INSERT INTO entries (ip, time, version, runtime, runtime_version) VALUES (" + mysql.escape(requestIP) + ", NOW(), " + mysql.escape(parsedJsonData.version) + ", " + mysql.escape(parsedJsonData.runtime) + ", " + mysql.escape(parsedJsonData.runtimeVersion) + ");", function (error, results, fields) {
|
connection.query("INSERT INTO entries (ip, time, version, runtime, runtime_version) VALUES (" + mysql.escape(requestIP) + ", NOW(), " + mysql.escape(parsedJsonData.version) + ", " + mysql.escape(parsedJsonData.runtime) + ", " + mysql.escape(parsedJsonData.runtimeVersion) + ");", function (error, results, fields) {
|
||||||
if (error) {
|
if (error) {
|
||||||
serverconsole.errmessage("There was an error while processing the request!");
|
serverconsole.errmessage("There was an error while processing the request!");
|
||||||
|
@ -349,6 +352,56 @@ if (href == "/") {
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
}
|
||||||
|
if (typeof configJSON == "undefined" || !configJSON.domain) {
|
||||||
|
finalCallback();
|
||||||
|
} else {
|
||||||
|
try {
|
||||||
|
dns.resolve4(configJSON.domain, function (err, addresses) {
|
||||||
|
if (err || !addresses || addresses.length == 0 || !addresses.find(function (address) {
|
||||||
|
return requestIP == address;
|
||||||
|
})) {
|
||||||
|
dns.resolve6(configJSON.domain, function (err, addresses) {
|
||||||
|
if (err || !addresses || addresses.length == 0 || !addresses.find(function (address) {
|
||||||
|
return requestIP == address;
|
||||||
|
})) {
|
||||||
|
finalCallback();
|
||||||
|
} else {
|
||||||
|
res.writeHead(200, headers);
|
||||||
|
res.end(JSON.stringify({
|
||||||
|
"status": 200,
|
||||||
|
"message": "The statistics are added successfully."
|
||||||
|
}));
|
||||||
|
}
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
res.writeHead(200, headers);
|
||||||
|
res.end(JSON.stringify({
|
||||||
|
"status": 200,
|
||||||
|
"message": "The statistics are added successfully."
|
||||||
|
}));
|
||||||
|
}
|
||||||
|
});
|
||||||
|
} catch (err) {
|
||||||
|
try {
|
||||||
|
dns.resolve6(configJSON.domain, function (err, addresses) {
|
||||||
|
if (err || !addresses || addresses.length == 0 || !addresses.find(function (address) {
|
||||||
|
return requestIP == address;
|
||||||
|
})) {
|
||||||
|
finalCallback();
|
||||||
|
} else {
|
||||||
|
res.writeHead(200, headers);
|
||||||
|
res.end(JSON.stringify({
|
||||||
|
"status": 200,
|
||||||
|
"message": "The statistics are added successfully."
|
||||||
|
}));
|
||||||
|
}
|
||||||
|
});
|
||||||
|
} catch (err) {
|
||||||
|
finalCallback();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
serverconsole.errmessage("There was an error while processing the request!");
|
serverconsole.errmessage("There was an error while processing the request!");
|
||||||
serverconsole.errmessage("Stack:");
|
serverconsole.errmessage("Stack:");
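Review bot: The address test `requestIP == address` and the "discard" response are written out three times across the `dns.resolve4` / `dns.resolve6` branches, and the test is a raw string comparison, so any later fix to it has to be made in three places. String equality is probably fine for IPv4, but for IPv6 it assumes both sides use the same textual form; if `realRemoteAddress` is ever filled from a proxy header (not visible here), an equivalent address written differently would not match and the entry would be recorded. The `catch` fallback to `dns.resolve6` only runs when `dns.resolve4` throws synchronously, which `dns.resolve6` would most likely do too for the same argument, so it can fold into a single `try` that records the entry. Also note that `finalCallback()` now runs from a DNS callback, outside the surrounding `try`/`catch` that logs request errors. The helper pair sketched below keeps the lookup order and leaves one place to add address normalisation.

```javascript
// … unchanged: function finalCallback() { connection.connect(...) … } …

function discardEntry() {
  res.writeHead(200, headers);
  res.end(JSON.stringify({
    "status": 200,
    "message": "The statistics are added successfully."
  }));
}

function resolvesToRequestIP(err, addresses) {
  // Single place for the comparison; normalise both sides here if textual forms can differ.
  return !err && Array.isArray(addresses) && addresses.some(function (address) {
    return requestIP == address;
  });
}

if (typeof configJSON == "undefined" || !configJSON.domain) {
  finalCallback();
} else {
  try {
    dns.resolve4(configJSON.domain, function (err, addresses) {
      if (resolvesToRequestIP(err, addresses)) return discardEntry();
      dns.resolve6(configJSON.domain, function (err, addresses) {
        if (resolvesToRequestIP(err, addresses)) return discardEntry();
        finalCallback();
      });
    });
  } catch (err) {
    // Synchronous throw from the resolver call (e.g. a non-string domain): record the entry.
    finalCallback();
  }
}
```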
|
||||||
|
|