Security fix -

Restrict access to files on webserver by monitoring the request path content before allowing it to be accessed.
2015-04-10 11:10:59 +10:00 · 2015-04-10 11:10:59 +10:00 · 2b441cdb9f
commit 2b441cdb9f
parent eb70a19a0c
1 changed files with 44 additions and 0 deletions
--- a/lib/webPanel.js
+++ b/lib/webPanel.js
@ -133,6 +133,50 @@

        };

+         /**
+
+        * This function scans through any webPanel request.
+        * if the request contains the 'path' query parameter then it will pass it
+        * through a check that ensures the following:
+            - it contains logs
+            - it contains 20xx
+            - it is accessing a .json file
+        * if it passess the checks it sends the request to the next webPanel function
+        * otherwise it returns a json error message
+
+
+
+        */
+
+        webPanel.use(function(req, res, next){
+
+            var path = req.query.path
+
+            if(path!=null){
+
+                if(path.indexOf("logs")!=-1 && path.indexOf("20")!=-1 && path.indexOf(".json")!=-1) {
+
+                    next();
+
+                } else {
+
+                    var response = {};
+                    response.error = true;
+                    res.json(response);
+
+
+                }
+
+            } else {
+
+                next();
+            }
+
+
+
+
+        });
+

        /**
         * /api