Skip to content
This repository has been archived by the owner on Jan 17, 2023. It is now read-only.

validate URL params #2443

Closed
g-k opened this issue Mar 21, 2017 · 1 comment · Fixed by #2630
Closed

validate URL params #2443

g-k opened this issue Mar 21, 2017 · 1 comment · Fixed by #2630
Assignees
@dannycoates
Labels
security Security issue: can be an active issue, or related to security hygene
Milestone
General Release 55

Comments

@g-k
Copy link
Contributor

g-k commented Mar 21, 2017

More APP-INPUTVAL

Add validation for express.js req.params format and length:

» rg -w req.params
server/src/server.js
650:  let shotId = `${req.params.id}/${req.params.domain}`;
680:  let shotId = `${req.params.id}/${req.params.domain}`;
718:  let shotId = `${req.params.id}/${req.params.domain}`;
776:    req.params.imageid
787:        hasher.update(req.params.imageid);

server/src/pages/creating/model.js
2:  let finishedUrl = `/${encodeURIComponent(req.params.id)}/${encodeURIComponent(req.params.domain)}`;

server/src/pages/shot/server.js
11:  let shotId = `${req.params.id}/${req.params.domain}`;
@jvehent jvehent added the security Security issue: can be an active issue, or related to security hygene label Mar 21, 2017
@g-k
Copy link
Contributor Author

g-k commented Mar 21, 2017

http://forbeslindesay.github.io/express-route-tester/

@ghost ghost added this to the Screenshots in 54 milestone Mar 22, 2017
dannycoates added a commit that referenced this issue Apr 10, 2017
@dannycoates
validate url parameters. fixes #2443
c34705a
@dannycoates dannycoates mentioned this issue Apr 10, 2017
Merged
dannycoates added a commit that referenced this issue Apr 10, 2017
@dannycoates
validate url parameters. fixes #2443
435050f
@dannycoates dannycoates self-assigned this Apr 10, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@dannycoates dannycoates

Labels
security Security issue: can be an active issue, or related to security hygene
Projects
None yet
Milestone
General Release 55
Development

Successfully merging a pull request may close this issue.

validate url parameters mozilla-services/screenshots
3 participants
@dannycoates @g-k @jvehent