XSS safe mode to prevent unsanitised input

This commit is contained in:
Martin McKeaveney 2024-10-07 16:47:49 +01:00
parent af2071c60c
commit ce61af1331
2 changed files with 11 additions and 6 deletions

View File

@ -354,7 +354,7 @@ describe("validate", () => {
"1' OR '1' = '1",
"' OR 'a' = 'a",
"<script>alert('XSS');</script>",
"\"><img src=x onerror=alert(1)>",
'"><img src=x onerror=alert(1)>',
"</script><script>alert('test')</script>",
"<div onmouseover=\"alert('XSS')\">Hover over me!</div>",
"'; EXEC sp_msforeachtable 'DROP TABLE ?'; --",
@ -362,14 +362,16 @@ describe("validate", () => {
"UNION SELECT * FROM users",
"INSERT INTO users (username, password) VALUES ('admin', 'password')",
"/* This is a comment */ SELECT * FROM users",
"<iframe src=\"http://malicious-site.com\"></iframe>"
])('test potentially unsafe input: %s', async input => {
'<iframe src="http://malicious-site.com"></iframe>',
])("test potentially unsafe input: %s", async input => {
environment.XSS_SAFE_MODE = true
const table = getTable()
const row = { text: input }
const output = await validate({ source: table, row })
expect(output.valid).toBe(false)
expect(output.errors).toBe(["Input not sanitised - potentially vulnerable to XSS"])
expect(output.errors).toBe([
"Input not sanitised - potentially vulnerable to XSS",
])
environment.XSS_SAFE_MODE = false
})
})

View File

@ -44,7 +44,8 @@ const SQL_CLIENT_SOURCE_MAP: Record<SourceName, SqlClient | undefined> = {
[SourceName.BUDIBASE]: undefined,
}
const XSS_INPUT_REGEX = /[<>;"'(){}]|--|\/\*|\*\/|union|select|insert|drop|delete|update|exec|script/i
const XSS_INPUT_REGEX =
/[<>;"'(){}]|--|\/\*|\*\/|union|select|insert|drop|delete|update|exec|script/i
export function getSQLClient(datasource: Datasource): SqlClient {
if (!isSQL(datasource)) {
@ -228,7 +229,9 @@ export async function validate({
if (env.XSS_SAFE_MODE && typeof row[fieldName] === "string") {
if (XSS_INPUT_REGEX.test(row[fieldName])) {
errors[fieldName] = ['Input not sanitised - potentially vulnerable to XSS']
errors[fieldName] = [
"Input not sanitised - potentially vulnerable to XSS",
]
}
}