feat: discard the IP address that resolves from the SVR.JS domain configuration property
This commit is contained in:
parent
da7beddc61
commit
5e9d175c40
1 changed files with 82 additions and 29 deletions
|
@ -2,6 +2,7 @@ disableEndElseCallbackExecute = true; //Without "var", else it will not work!!!
|
||||||
|
|
||||||
var mysql = require("mysql");
|
var mysql = require("mysql");
|
||||||
var gnuplot = require("gnuplot"); //There is an OS command injection vulnerability in the "gnuplot" npm package, but since the statistics display part of the application doesn't involve user input, the application isn't affected by it.
|
var gnuplot = require("gnuplot"); //There is an OS command injection vulnerability in the "gnuplot" npm package, but since the statistics display part of the application doesn't involve user input, the application isn't affected by it.
|
||||||
|
var dns = require("dns");
|
||||||
|
|
||||||
if (!customvar1 && !customvar2) {
|
if (!customvar1 && !customvar2) {
|
||||||
try {
|
try {
|
||||||
|
@ -296,25 +297,14 @@ if (href == "/") {
|
||||||
}));
|
}));
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
connection.connect(function (err) {
|
var requestIP = (req.socket.realRemoteAddress ? req.socket.realRemoteAddress : req.socket.remoteAddress).replace(/^::ffff:/i, "");
|
||||||
if (err) {
|
|
||||||
serverconsole.errmessage("There was an error while processing the request!");
|
function finalCallback() {
|
||||||
serverconsole.errmessage("Stack:");
|
connection.connect(function (err) {
|
||||||
serverconsole.errmessage(err.stack);
|
if (err) {
|
||||||
res.writeHead(500, headers);
|
|
||||||
res.end(JSON.stringify({
|
|
||||||
"status": 500,
|
|
||||||
"message": "An unexpected error occurred."
|
|
||||||
}));
|
|
||||||
if (connection.end) connection.end();
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
var requestIP = (req.socket.realRemoteAddress ? req.socket.realRemoteAddress : req.socket.remoteAddress).replace(/^::ffff:/i, "");
|
|
||||||
connection.query("INSERT INTO entries (ip, time, version, runtime, runtime_version) VALUES (" + mysql.escape(requestIP) + ", NOW(), " + mysql.escape(parsedJsonData.version) + ", " + mysql.escape(parsedJsonData.runtime) + ", " + mysql.escape(parsedJsonData.runtimeVersion) + ");", function (error, results, fields) {
|
|
||||||
if (error) {
|
|
||||||
serverconsole.errmessage("There was an error while processing the request!");
|
serverconsole.errmessage("There was an error while processing the request!");
|
||||||
serverconsole.errmessage("Stack:");
|
serverconsole.errmessage("Stack:");
|
||||||
serverconsole.errmessage(error.stack);
|
serverconsole.errmessage(err.stack);
|
||||||
res.writeHead(500, headers);
|
res.writeHead(500, headers);
|
||||||
res.end(JSON.stringify({
|
res.end(JSON.stringify({
|
||||||
"status": 500,
|
"status": 500,
|
||||||
|
@ -323,11 +313,7 @@ if (href == "/") {
|
||||||
if (connection.end) connection.end();
|
if (connection.end) connection.end();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
var entriesToInsert = [];
|
connection.query("INSERT INTO entries (ip, time, version, runtime, runtime_version) VALUES (" + mysql.escape(requestIP) + ", NOW(), " + mysql.escape(parsedJsonData.version) + ", " + mysql.escape(parsedJsonData.runtime) + ", " + mysql.escape(parsedJsonData.runtimeVersion) + ");", function (error, results, fields) {
|
||||||
parsedJsonData.mods.forEach(function (mod) {
|
|
||||||
entriesToInsert.push("(" + mysql.escape(results.insertId) + ", " + mysql.escape(mod.name) + ", " + mysql.escape(mod.version) + ")");
|
|
||||||
});
|
|
||||||
connection.query(entriesToInsert.length > 0 ? ("INSERT INTO entries_mods (entry_id, name, version) VALUES " + entriesToInsert.join(", ") + ";") : "SELECT 1;", function (error, results, fields) {
|
|
||||||
if (error) {
|
if (error) {
|
||||||
serverconsole.errmessage("There was an error while processing the request!");
|
serverconsole.errmessage("There was an error while processing the request!");
|
||||||
serverconsole.errmessage("Stack:");
|
serverconsole.errmessage("Stack:");
|
||||||
|
@ -340,15 +326,82 @@ if (href == "/") {
|
||||||
if (connection.end) connection.end();
|
if (connection.end) connection.end();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
res.writeHead(200, headers);
|
var entriesToInsert = [];
|
||||||
res.end(JSON.stringify({
|
parsedJsonData.mods.forEach(function (mod) {
|
||||||
"status": 200,
|
entriesToInsert.push("(" + mysql.escape(results.insertId) + ", " + mysql.escape(mod.name) + ", " + mysql.escape(mod.version) + ")");
|
||||||
"message": "The statistics are added successfully."
|
});
|
||||||
}));
|
connection.query(entriesToInsert.length > 0 ? ("INSERT INTO entries_mods (entry_id, name, version) VALUES " + entriesToInsert.join(", ") + ";") : "SELECT 1;", function (error, results, fields) {
|
||||||
if (connection.end) connection.end();
|
if (error) {
|
||||||
|
serverconsole.errmessage("There was an error while processing the request!");
|
||||||
|
serverconsole.errmessage("Stack:");
|
||||||
|
serverconsole.errmessage(error.stack);
|
||||||
|
res.writeHead(500, headers);
|
||||||
|
res.end(JSON.stringify({
|
||||||
|
"status": 500,
|
||||||
|
"message": "An unexpected error occurred."
|
||||||
|
}));
|
||||||
|
if (connection.end) connection.end();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
res.writeHead(200, headers);
|
||||||
|
res.end(JSON.stringify({
|
||||||
|
"status": 200,
|
||||||
|
"message": "The statistics are added successfully."
|
||||||
|
}));
|
||||||
|
if (connection.end) connection.end();
|
||||||
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
});
|
}
|
||||||
|
if (typeof configJSON == "undefined" || !configJSON.domain) {
|
||||||
|
finalCallback();
|
||||||
|
} else {
|
||||||
|
try {
|
||||||
|
dns.resolve4(configJSON.domain, function (err, addresses) {
|
||||||
|
if (err || !addresses || addresses.length == 0 || !addresses.find(function (address) {
|
||||||
|
return requestIP == address;
|
||||||
|
})) {
|
||||||
|
dns.resolve6(configJSON.domain, function (err, addresses) {
|
||||||
|
if (err || !addresses || addresses.length == 0 || !addresses.find(function (address) {
|
||||||
|
return requestIP == address;
|
||||||
|
})) {
|
||||||
|
finalCallback();
|
||||||
|
} else {
|
||||||
|
res.writeHead(200, headers);
|
||||||
|
res.end(JSON.stringify({
|
||||||
|
"status": 200,
|
||||||
|
"message": "The statistics are added successfully."
|
||||||
|
}));
|
||||||
|
}
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
res.writeHead(200, headers);
|
||||||
|
res.end(JSON.stringify({
|
||||||
|
"status": 200,
|
||||||
|
"message": "The statistics are added successfully."
|
||||||
|
}));
|
||||||
|
}
|
||||||
|
});
|
||||||
|
} catch (err) {
|
||||||
|
try {
|
||||||
|
dns.resolve6(configJSON.domain, function (err, addresses) {
|
||||||
|
if (err || !addresses || addresses.length == 0 || !addresses.find(function (address) {
|
||||||
|
return requestIP == address;
|
||||||
|
})) {
|
||||||
|
finalCallback();
|
||||||
|
} else {
|
||||||
|
res.writeHead(200, headers);
|
||||||
|
res.end(JSON.stringify({
|
||||||
|
"status": 200,
|
||||||
|
"message": "The statistics are added successfully."
|
||||||
|
}));
|
||||||
|
}
|
||||||
|
});
|
||||||
|
} catch (err) {
|
||||||
|
finalCallback();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
serverconsole.errmessage("There was an error while processing the request!");
|
serverconsole.errmessage("There was an error while processing the request!");
|
||||||
serverconsole.errmessage("Stack:");
|
serverconsole.errmessage("Stack:");
|
||||||
|
|
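Review bot: The new self-address filter runs up to two DNS queries on every statistics POST and fails open on every failure — an `err` from `dns.resolve4`, from the fallback `dns.resolve6`, or a thrown call all end in `finalCallback()` — so a slow or unreachable resolver lands on the request path while the entry is still stored; since `configJSON.domain` is static, resolving it once outside the handler (or caching the result with a refresh interval) would be cheaper and no less correct. The 200 `"The statistics are added successfully."` response is also written out four times and the `resolve6` branch twice, and the copy inside `catch (err)` looks redundant, since as far as I can tell `dns.resolve4` and `dns.resolve6` throw synchronously only for the same invalid-argument cases and the second call would throw as well; the sketch below folds this into a `discardCallback()` helper and one `domainResolvesToRequestIP()` lookup. Two caveats to confirm against the deployment: requests originating on the host itself may arrive from a loopback or private address rather than the domain's public A/AAAA record (e.g. behind NAT), in which case the filter would not catch the case it targets, and `requestIP` is taken from `req.socket.realRemoteAddress` when present — if that value is derived from a client-supplied header it is spoofable, though the worst outcome here is an entry being dropped or stored rather than any bypass. The enclosing request handler starts before this hunk.
```javascript
var requestIP = (req.socket.realRemoteAddress ? req.socket.realRemoteAddress : req.socket.remoteAddress).replace(/^::ffff:/i, "");

// … unchanged: function finalCallback() { connection.connect(...) ... } …

// Answer exactly as finalCallback would, but without storing anything.
function discardCallback() {
  res.writeHead(200, headers);
  res.end(JSON.stringify({
    "status": 200,
    "message": "The statistics are added successfully."
  }));
}

// Calls back with true when the configured domain's A or AAAA records contain requestIP.
// Resolver errors and thrown calls count as "no match", so the check fails open.
function domainResolvesToRequestIP(callback) {
  function matches(addresses) {
    return Array.isArray(addresses) && addresses.indexOf(requestIP) != -1;
  }
  try {
    dns.resolve4(configJSON.domain, function (err4, v4) {
      if (!err4 && matches(v4)) return callback(true);
      dns.resolve6(configJSON.domain, function (err6, v6) {
        callback(!err6 && matches(v6));
      });
    });
  } catch (err) {
    callback(false);
  }
}

if (typeof configJSON == "undefined" || !configJSON.domain) {
  finalCallback();
} else {
  domainResolvesToRequestIP(function (isOwnAddress) {
    if (isOwnAddress) discardCallback();
    else finalCallback();
  });
}
```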