fix XSS vulnerability on error pages

AJ ONeal 2015-03-05 22:07:45 +00:00
parent 0ae9e5a069
commit 8827da6478
2 changed files with 23 additions and 15 deletions


@ -42,11 +42,11 @@ module.exports.create = function (securePort, insecurePort, redirects) {
+ '<html>\n'
+ '<head>\n'
+ ' <style>* { background-color: white; color: white; text-decoration: none; }</style>\n'
+ ' <META http-equiv="refresh" content="0;URL=' + newLocation + '">\n'
+ ' <META http-equiv="refresh" content="0;URL=' + encodeURI(newLocation) + '">\n'
+ '</head>\n'
+ '<body style="display: none;">\n'
+ ' <p>You requested an insecure resource. Please use this instead: \n'
+ ' <a href="' + newLocation + '">' + newLocation + '</a></p>\n'
+ ' <a href="' + encodeURI(newLocation) + '">' + encodeURI(newLocation) + '</a></p>\n'
+ '</body>\n'
+ '</html>\n'
;
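Review bot: `encodeURI` is the wrong escaper for the two places it is applied to in this hunk — the `URL=` value of the META refresh (the line after the `<style>`) and the anchor's `href` and link text are HTML attribute and text contexts, not URL components, and because `encodeURI` rewrites every `%` to `%25`, a `newLocation` that already carries percent-encoded characters is redirected to a different, double-encoded URL. It does encode `<`, `>` and `"`, so the tag and double-quoted-attribute breakouts are closed, but `&` and `'` pass through and the call is not idempotent. An HTML escape of the five significant characters, computed once into e.g. `safeLocation` and substituted for both `encodeURI(newLocation)` calls, fixes both the encoding and the context mismatch; if `newLocation` is derived from the request's `Host` header, building the target from a configured hostname instead of echoing it would be the stronger fix. The same applies to the `encodeURI(...)` calls in the second file's hunks (`-45,13` and `-151,20`, where the `Error:` line already uses an HTML-style `.replace(/</g, '&lt;')`), and in the hand-built JSON body at `-182,10` a `JSON.stringify`'d object is the right escape rather than URL encoding. `module.exports.create` starts and ends outside this hunk.
```javascript
// HTML-escape once for the attribute and text contexts; the URL itself is left as-is
function escapeHtml(str) {
  return String(str)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}
var safeLocation = escapeHtml(newLocation);
// … unchanged: page markup, with safeLocation in place of encodeURI(newLocation) …
```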


@ -45,13 +45,13 @@ module.exports.create = function (securePort, certsPath, vhostsdir) {
+ "<body>"
+ "<pre>"
+ "<code>"
+ "Method: " + req.method
+ "Method: " + encodeURI(req.method)
+ '\n'
+ "Hostname: " + domaininfo.hostname
+ "Hostname: " + encodeURI(domaininfo.hostname)
+ '\n'
+ "App: " + (domaininfo.pathname ? (domaininfo.pathname + '/') : '')
+ "App: " + encodeURI(domaininfo.pathname ? (domaininfo.pathname + '/') : '')
+ '\n'
+ "Route: " + req.url//.replace(/^\//, '')
+ "Route: " + encodeURI(req.url)//.replace(/^\//, '')
+ '\n'
// TODO better sanatization
+ 'Error: ' + (err.message || err.toString()).replace(/</g, '&lt;')
@ -151,20 +151,20 @@ module.exports.create = function (securePort, certsPath, vhostsdir) {
+ "</head>"
+ "<body>"
+ "Cannot "
+ req.method
+ encodeURI(req.method)
+ " 'https://"
+ domaininfo.hostname
+ encodeURI(domaininfo.hostname)
+ '/'
+ (domaininfo.pathname ? (domaininfo.pathname + '/') : '')
+ req.url.replace(/^\//, '')
+ encodeURI(domaininfo.pathname ? (domaininfo.pathname + '/') : '')
+ encodeURI(req.url.replace(/^\//, ''))
+ "'"
+ "<br/>"
+ "<br/>"
+ "Domain: " + domaininfo.hostname
+ "Domain: " + encodeURI(domaininfo.hostname)
+ "<br/>"
+ "App: " + domaininfo.pathname
+ "App: " + encodeURI(domaininfo.pathname)
+ "<br/>"
+ "Route : " + req.url
+ "Route : " + encodeURI(req.url)
+ "</body>"
+ "</html>"
);
@ -182,10 +182,15 @@ module.exports.create = function (securePort, certsPath, vhostsdir) {
appContext = localAppWrapped;
appContext(req, res, next);
} catch(e) {
console.error('[ERROR] ' + domaininfo.hostname + ':' + securePort + '/' + domaininfo.pathname);
console.error('[ERROR] '
+ domaininfo.hostname + ':' + securePort
+ '/' + domaininfo.pathname
);
console.error(e);
// TODO this may not work in web apps (due to 500), probably okay
res.writeHead(500);
res.end('{ "error": { "message": "[ERROR] could not load '
+ domaininfo.hostname + ':' + securePort + '/' + domaininfo.pathname
+ encodeURI(domaininfo.hostname) + ':' + securePort + '/' + encodeURI(domaininfo.pathname)
+ 'or default error app." } }');
}
});
@ -224,6 +229,7 @@ module.exports.create = function (securePort, certsPath, vhostsdir) {
console.error(err);
console.error(msg);
return function (req, res) {
res.writeHead(500);
res.end('{ "error": { "message": "' + msg + '" } }');
}
}
@ -392,6 +398,8 @@ module.exports.create = function (securePort, certsPath, vhostsdir) {
key: localDummyCerts.key
, cert: localDummyCerts.cert
, ca: localDummyCerts.ca
// changes from default: disallow RC4
, ciphers: "ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:AES128-GCM-SHA256:!RC4:HIGH:!MD5:!aNULL"
};
function addSniWorkaroundCallback() {