Skip to content

Commit

Permalink
fix(security): security fix 2 #413
Browse files Browse the repository at this point in the history
  • Loading branch information
polonel committed Jun 15, 2021
1 parent c3c3b29 commit 58c90d8
Show file tree
Hide file tree
Showing 8 changed files with 130 additions and 47 deletions.
4 changes: 2 additions & 2 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@
"ldapjs": "1.0.2",
"lodash": "4.17.11",
"mailparser": "2.4.3",
"marked": "0.6.1",
"marked": "2.0.7",
"matchdep": "2.0.0",
"memoize-one": "5.0.0",
"mkdirp": "0.5.1",
Expand Down Expand Up @@ -97,7 +97,7 @@
"redux-saga-thunk": "0.7.3",
"request": "2.88.0",
"rimraf": "2.6.3",
"sanitize-html": "1.20.0",
"sanitize-html": "2.4.0",
"script-loader": "0.7.2",
"semver": "5.6.0",
"serve-favicon": "2.5.0",
Expand Down
3 changes: 2 additions & 1 deletion src/controllers/accounts.js
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ var userSchema = require('../models/user')
var groupSchema = require('../models/group')
var permissions = require('../permissions')
var emitter = require('../emitter')
var xss = require('xss')

var accountsController = {}

Expand Down Expand Up @@ -51,7 +52,7 @@ accountsController.signup = function (req, res) {
if (privacyPolicy === null || _.isUndefined(privacyPolicy.value)) {
content.data.privacyPolicy = 'No Privacy Policy has been set.'
} else {
content.data.privacyPolicy = marked(privacyPolicy.value)
content.data.privacyPolicy = xss(marked(privacyPolicy.value))
}

return res.render('pub_signup', content)
Expand Down
11 changes: 6 additions & 5 deletions src/controllers/api/v1/tickets.js
Original file line number Diff line number Diff line change
Expand Up @@ -442,7 +442,7 @@ apiTickets.create = function (req, res) {
var tIssue = ticket.issue
tIssue = tIssue.replace(/(\r\n|\n\r|\r|\n)/g, '<br>')
tIssue = sanitizeHtml(tIssue).trim()
ticket.issue = marked(tIssue)
ticket.issue = xss(marked(tIssue))
ticket.history = [HistoryItem]
ticket.subscribers = [req.user._id]

Expand Down Expand Up @@ -603,8 +603,8 @@ apiTickets.createPublicTicket = function (req, res) {
group: group._id,
type: ticketType._id,
priority: _.first(ticketType.priorities)._id, // TODO: change when priority order is complete!
subject: sanitizeHtml(postData.ticket.subject).trim(),
issue: sanitizeHtml(postData.ticket.issue).trim(),
subject: xss(sanitizeHtml(postData.ticket.subject).trim()),
issue: xss(sanitizeHtml(postData.ticket.issue).trim()),
history: [HistoryItem],
subscribers: [savedUser._id]
})
Expand All @@ -614,6 +614,7 @@ apiTickets.createPublicTicket = function (req, res) {
tIssue = tIssue.replace(/(\r\n|\n\r|\r|\n)/g, '<br>')
tIssue = sanitizeHtml(tIssue).trim()
ticket.issue = marked(tIssue)
ticket.issue = xss(ticket.issue)

ticket.save(function (err, t) {
if (err) return next(err)
Expand Down Expand Up @@ -912,7 +913,7 @@ apiTickets.postComment = function (req, res) {
var Comment = {
owner: owner,
date: new Date(),
comment: marked(comment)
comment: xss(marked(comment))
}

t.updated = Date.now()
Expand Down Expand Up @@ -984,7 +985,7 @@ apiTickets.postInternalNote = function (req, res) {
var Note = {
owner: payload.owner || req.user._id,
date: new Date(),
note: marked(payload.note)
note: xss(marked(payload.note))
}

ticket.updated = Date.now()
Expand Down
3 changes: 2 additions & 1 deletion src/controllers/main.js
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ var path = require('path')
var passport = require('passport')
var winston = require('winston')
var pkg = require('../../package')
var xss = require('xss')

var mainController = {}

Expand Down Expand Up @@ -77,7 +78,7 @@ mainController.about = function (req, res) {
if (privacyPolicy === null || _.isUndefined(privacyPolicy.value)) {
content.data.privacyPolicy = 'No Privacy Policy has been set.'
} else {
content.data.privacyPolicy = marked(privacyPolicy.value)
content.data.privacyPolicy = xss(marked(privacyPolicy.value))
}

return res.render('about', content)
Expand Down
4 changes: 2 additions & 2 deletions src/controllers/tickets.js
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ var winston = require('winston')
var groupSchema = require('../models/group')
var departmentSchema = require('../models/department')
var permissions = require('../permissions')

var xss = require('xss')
/**
* @since 1.0
* @author Chris Brame <polonel@gmail.com>
Expand Down Expand Up @@ -57,7 +57,7 @@ ticketsController.pubNewIssue = function (req, res) {
if (privacyPolicy === null || _.isUndefined(privacyPolicy.value)) {
content.data.privacyPolicy = 'No Privacy Policy has been set.'
} else {
content.data.privacyPolicy = marked(privacyPolicy.value)
content.data.privacyPolicy = xss(marked(privacyPolicy.value))
}

return res.render('pub_createTicket', content)
Expand Down
3 changes: 2 additions & 1 deletion src/models/ticket.js
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ var _ = require('lodash')
var moment = require('moment')
var sanitizeHtml = require('sanitize-html')
// var redisCache = require('../cache/rediscache');
var xss = require('xss')

// Needed - For Population
var groupSchema = require('./group')
Expand Down Expand Up @@ -439,7 +440,7 @@ ticketSchema.methods.setIssue = function (ownerId, issue, callback) {
var self = this
issue = issue.replace(/(\r\n|\n\r|\r|\n)/g, '<br>')
issue = sanitizeHtml(issue).trim()
self.issue = marked(issue)
self.issue = xss(marked(issue))

var historyItem = {
action: 'ticket:update:issue',
Expand Down
5 changes: 3 additions & 2 deletions src/socketio/ticketSocket.js
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ var prioritySchema = require('../models/ticketpriority')
var userSchema = require('../models/user')
var roleSchema = require('../models/role')
var permissions = require('../permissions')
var xss = require('xss')

var events = {}

Expand Down Expand Up @@ -332,7 +333,7 @@ events.onSetCommentText = function (socket) {

comment = sanitizeHtml(comment).trim()

var markedComment = marked(comment)
var markedComment = xss(marked(comment))

ticketSchema.getTicketById(ticketId, function (err, ticket) {
if (err) return winston.error(err)
Expand Down Expand Up @@ -384,7 +385,7 @@ events.onSetNoteText = function (socket) {
marked.setOptions({
breaks: true
})
var markedNote = marked(note)
var markedNote = xss(marked(note))

ticketSchema.getTicketById(ticketId, function (err, ticket) {
if (err) return winston.error(err)
Expand Down
Loading

0 comments on commit 58c90d8

Please sign in to comment.