AskDavis/cyphernode
1
0
Fork 0
mirror of https://github.com/AskDavis/cyphernode.git synced 2025-12-31 20:25:57 -08:00
Code Issues Packages Projects Releases Wiki Activity

Underscore in action was detected as potential code injection

Browse Source
This commit is contained in:
kexkey
2018-10-26 15:25:01 -04:00
parent 1c5d1f9c24
commit d4c801d8c3
2 changed files with 160 additions and 159 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
api_auth_docker/auth.sh
View File

@@ -92,8 +92,9 @@ verify_group()
trace "[verify_group] action=${action}"
# Check for code injection
# action can be alphanum... nothing else
case $action in (*[![:alnum:]]*|"")
# action can be alphanum... and _ and - but nothing else
local actiontoinspect=$(echo "$action" | tr -d '_-')
case $actiontoinspect in (*[![:alnum:]]*|"")
trace "[verify_group] Potential code injection, exiting"
return 1
esac

14
api_auth_docker/tests.sh
View File

@@ -17,7 +17,7 @@ test_expiration()
eval k='$ukey_'$id
local p64=$(echo "{\"id\":\"$id\",\"exp\":$((`date +"%s"`+1))}" | base64)
local s=$(echo "$h64.$p64" | openssl dgst -hmac "$k" -sha256 -r | cut -sd ' ' -f1)
local s=$(echo -n "$h64.$p64" | openssl dgst -hmac "$k" -sha256 -r | cut -sd ' ' -f1)
local token="$h64.$p64.$s"
echo " Sleeping 2 seconds... "
@@ -41,7 +41,7 @@ test_authentication()
eval k='$ukey_'$id
local p64=$(echo "{\"id\":\"$id\",\"exp\":$((`date +"%s"`+10))}" | base64)
local s=$(echo "$h64.$p64" | openssl dgst -hmac "$k" -sha256 -r | cut -sd ' ' -f1)
local s=$(echo -n "$h64.$p64" | openssl dgst -hmac "$k" -sha256 -r | cut -sd ' ' -f1)
local token="$h64.$p64.$s"
local rc
@@ -67,8 +67,8 @@ test_authorization_watcher()
local k
eval k='$ukey_'$id
local p64=$(echo "{\"id\":\"$id\",\"exp\":$((`date +"%s"`+10))}" | base64)
local s=$(echo "$h64.$p64" | openssl dgst -hmac "$k" -sha256 -r | cut -sd ' ' -f1)
local p64=$(echo "{\"id\":\"$id\",\"exp\":$((`date +"%s"`+20))}" | base64)
local s=$(echo -n "$h64.$p64" | openssl dgst -hmac "$k" -sha256 -r | cut -sd ' ' -f1)
local token="$h64.$p64.$s"
local rc
@@ -133,8 +133,8 @@ test_authorization_spender()
local k
eval k='$ukey_'$id
local p64=$(echo "{\"id\":\"$id\",\"exp\":$((`date +"%s"`+10))}" | base64)
local s=$(echo "$h64.$p64" | openssl dgst -hmac "$k" -sha256 -r | cut -sd ' ' -f1)
local p64=$(echo "{\"id\":\"$id\",\"exp\":$((`date +"%s"`+20))}" | base64)
local s=$(echo -n "$h64.$p64" | openssl dgst -hmac "$k" -sha256 -r | cut -sd ' ' -f1)
local token="$h64.$p64.$s"
local rc
@@ -207,7 +207,7 @@ test_authorization_internal()
eval k='$ukey_'$id
local p64=$(echo "{\"id\":\"$id\",\"exp\":$((`date +"%s"`+10))}" | base64)
local s=$(echo "$h64.$p64" | openssl dgst -hmac "$k" -sha256 -r | cut -sd ' ' -f1)
local s=$(echo -n "$h64.$p64" | openssl dgst -hmac "$k" -sha256 -r | cut -sd ' ' -f1)
local token="$h64.$p64.$s"
local rc