external/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-02-12 11:01:52 +00:00
Code Issues Releases Wiki Activity

Added BREACH attack mittigation, #4084

Browse source
This commit is contained in:
Ylian Saint-Hilaire 2022-06-08 10:47:23 -07:00
parent f5f4305841
commit ea7e98b3b4
24 changed files with 727 additions and 700 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
MeshCentralServer.njsproj
View file

@ -613,6 +613,7 @@
<Content Include="views\messenger.handlebars" /> <Content Include="views\messenger.handlebars" />
<Content Include="views\mstsc.handlebars" /> <Content Include="views\mstsc.handlebars" />
<Content Include="views\player.handlebars" /> <Content Include="views\player.handlebars" />
<Content Include="views\sharing-mobile.handlebars" />
<Content Include="views\sharing.handlebars" /> <Content Include="views\sharing.handlebars" />
<Content Include="views\ssh.handlebars" /> <Content Include="views\ssh.handlebars" />
<Content Include="views\terms-mobile.handlebars" /> <Content Include="views\terms-mobile.handlebars" />

1
meshcentral-config-schema.json
View file

@ -120,6 +120,7 @@
"amtManager": { "type": "boolean", "default": true, "description": "When enabled, MeshCentral will automatically monitor and manage Intel AMT devices." }, "amtManager": { "type": "boolean", "default": true, "description": "When enabled, MeshCentral will automatically monitor and manage Intel AMT devices." },
"orphanAgentUser": { "type": "string", "default": null, "description": "If an agent attempts to connect to a unknown device group, automatically create a new device group and grant access to the specified user. Example: admin" }, "orphanAgentUser": { "type": "string", "default": null, "description": "If an agent attempts to connect to a unknown device group, automatically create a new device group and grant access to the specified user. Example: admin" },
"agentIdleTimeout": { "type": "integer", "minimum": 1, "default": 150 ,"description": "How much time in seconds with no traffic from an agent before dropping the agent connection." }, "agentIdleTimeout": { "type": "integer", "minimum": 1, "default": 150 ,"description": "How much time in seconds with no traffic from an agent before dropping the agent connection." },
"webPageLengthRandomization": { "type": "boolean", "default": true, "description": "Adds a random length string to generated web pages to mitigate a BREACH attack." },
"compression": { "type": "boolean", "default": true, "description": "Enables GZIP compression for web requests." }, "compression": { "type": "boolean", "default": true, "description": "Enables GZIP compression for web requests." },
"wsCompression": { "type": "boolean", "default": false, "description": "Enables server-side, websocket per-message deflate compression." }, "wsCompression": { "type": "boolean", "default": false, "description": "Enables server-side, websocket per-message deflate compression." },
"agentWsCompression": { "type": "boolean", "default": true, "description": "Enables agent-side, websocket per-message deflate compression. wscompression must also be true for this to work." }, "agentWsCompression": { "type": "boolean", "default": true, "description": "Enables agent-side, websocket per-message deflate compression. wscompression must also be true for this to work." },

4
public/translate.bat
View file

@ -1,7 +1,7 @@
@ECHO OFF @ECHO OFF
CD ..\translate CD ..\translate
%LOCALAPPDATA%\..\Roaming\nvm\v12.13.0\node translate.js minifyall %LOCALAPPDATA%\..\Roaming\nvm\v12.13.0\node translate.js minifyall
%LOCALAPPDATA%\..\Roaming\nvm\v12.13.0\node translate.js translateall REM %LOCALAPPDATA%\..\Roaming\nvm\v12.13.0\node translate.js translateall
%LOCALAPPDATA%\..\Roaming\nvm\v12.13.0\node translate.js extractall REM %LOCALAPPDATA%\..\Roaming\nvm\v12.13.0\node translate.js extractall
DEL ..\emails\translations\*-min_* DEL ..\emails\translations\*-min_*
Pause Pause

2
views/agentinvite.handlebars
View file

@ -167,6 +167,8 @@
</div> </div>
<script> <script>
'use strict'; 'use strict';
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
var uiMode = parseInt(getstore('uiMode', 1)); var uiMode = parseInt(getstore('uiMode', 1));
var webPageStackMenu = false; var webPageStackMenu = false;
var webPageFullScreen = true; var webPageFullScreen = true;

1
views/default-mobile.handlebars
View file

@ -1192,6 +1192,7 @@
<iframe name="fileUploadFrame" style=display:none></iframe> <iframe name="fileUploadFrame" style=display:none></iframe>
<script> <script>
'use strict'; 'use strict';
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
// Process server-side web state // Process server-side web state
var webState = '{{{webstate}}}'; var webState = '{{{webstate}}}';

1
views/default.handlebars
View file

@ -1402,6 +1402,7 @@
</div> </div>
<script type="text/javascript"> <script type="text/javascript">
'use strict'; 'use strict';
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
// Process server-side web state // Process server-side web state
var webState = '{{{webstate}}}'; var webState = '{{{webstate}}}';

1
views/download.handlebars
View file

@ -43,6 +43,7 @@
</div> </div>
</div> </div>
<script> <script>
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
var messageid = parseInt('{{{messageid}}}'); var messageid = parseInt('{{{messageid}}}');
var fileurl = '{{{fileurl}}}'; var fileurl = '{{{fileurl}}}';
var filename = '{{{filename}}}'; var filename = '{{{filename}}}';

1
views/download2.handlebars
View file

@ -57,6 +57,7 @@
</tr> </tr>
</table> </table>
<script> <script>
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
var messageid = parseInt('{{{messageid}}}'); var messageid = parseInt('{{{messageid}}}');
var fileurl = '{{{fileurl}}}'; var fileurl = '{{{fileurl}}}';
var filename = '{{{filename}}}'; var filename = '{{{filename}}}';

1
views/error404.handlebars
View file

@ -148,6 +148,7 @@
</div> </div>
<script nonce="{{{cspNonce}}}"> <script nonce="{{{cspNonce}}}">
'use strict'; 'use strict';
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
var uiMode = parseInt(getstore('uiMode', 1)); var uiMode = parseInt(getstore('uiMode', 1));
var webPageStackMenu = false; var webPageStackMenu = false;
var webPageFullScreen = true; var webPageFullScreen = true;

1
views/invite.handlebars
View file

@ -103,6 +103,7 @@
</div> </div>
<script> <script>
'use strict'; 'use strict';
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
var urlargs = parseUriArgs(); var urlargs = parseUriArgs();
if (urlargs.key && (isAlphaNumeric(urlargs.key) == false)) { delete urlargs.key; } if (urlargs.key && (isAlphaNumeric(urlargs.key) == false)) { delete urlargs.key; }
var uiMode = parseInt(getstore('uiMode', 1)); var uiMode = parseInt(getstore('uiMode', 1));

1
views/login-mobile.handlebars
View file

@ -311,6 +311,7 @@
</div> </div>
<script> <script>
'use strict'; 'use strict';
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
var loginMode = '{{{loginmode}}}'; var loginMode = '{{{loginmode}}}';
var newAccount = '{{{newAccount}}}'; var newAccount = '{{{newAccount}}}';
var passhint = '{{{passhint}}}'; var passhint = '{{{passhint}}}';

1
views/login.handlebars
View file

@ -305,6 +305,7 @@
</div> </div>
<script> <script>
'use strict'; 'use strict';
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
var passlogin = '{{{passlogin}}}'; var passlogin = '{{{passlogin}}}';
var passhint = '{{{passhint}}}'; var passhint = '{{{passhint}}}';
var loginMode = '{{{loginmode}}}'; var loginMode = '{{{loginmode}}}';

1
views/login2.handlebars
View file

@ -361,6 +361,7 @@
</div> </div>
<script> <script>
'use strict'; 'use strict';
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
var welcomePictureFullScreen = (decodeURIComponent('{{{welcomePictureFullScreen}}}') === 'true'); var welcomePictureFullScreen = (decodeURIComponent('{{{welcomePictureFullScreen}}}') === 'true');
var passlogin = '{{{passlogin}}}'; var passlogin = '{{{passlogin}}}';
var passhint = '{{{passhint}}}'; var passhint = '{{{passhint}}}';

1
views/message.handlebars
View file

@ -43,6 +43,7 @@
</div> </div>
</div> </div>
<script> <script>
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
var titleid = parseInt('{{{titleid}}}'); var titleid = parseInt('{{{titleid}}}');
var msgid = parseInt('{{{msgid}}}'); var msgid = parseInt('{{{msgid}}}');
var domainurl = decodeURIComponent('{{{domainurl}}}'); var domainurl = decodeURIComponent('{{{domainurl}}}');

1
views/message2.handlebars
View file

@ -44,6 +44,7 @@
</tr> </tr>
</table> </table>
<script> <script>
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
var titleid = parseInt('{{{titleid}}}'); var titleid = parseInt('{{{titleid}}}');
var msgid = parseInt('{{{msgid}}}'); var msgid = parseInt('{{{msgid}}}');
var domainurl = decodeURIComponent('{{{domainurl}}}'); var domainurl = decodeURIComponent('{{{domainurl}}}');

1
views/messenger.handlebars
View file

@ -60,6 +60,7 @@
<canvas width="256" height="256" id="remoteImage" style="position:absolute;right:24px;top:45px;width:200px;height:200px;background-color:gray;border-radius:12px 12px 12px 12px;box-shadow:3px 3px 10px gray;display:none" /> <canvas width="256" height="256" id="remoteImage" style="position:absolute;right:24px;top:45px;width:200px;height:200px;background-color:gray;border-radius:12px 12px 12px 12px;box-shadow:3px 3px 10px gray;display:none" />
<input id="uploadFileInput" type="file" multiple style="display:none"> <input id="uploadFileInput" type="file" multiple style="display:none">
<script type="text/javascript" onunload="onUnLoad()"> <script type="text/javascript" onunload="onUnLoad()">
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
var userInputFocus = 0; var userInputFocus = 0;
var socket = null; // Websocket object var socket = null; // Websocket object
var state = 0; // Connection state. 0 = Disconnected, 1 = Connecting, 2 = Connected. var state = 0; // Connection state. 0 = Disconnected, 1 = Connecting, 2 = Connected.

1
views/mstsc.handlebars
View file

@ -75,6 +75,7 @@
} }
</style> </style>
<script language="javascript"> <script language="javascript">
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
var client = null; var client = null;
var canvas = null; var canvas = null;
var urlargs = parseUriArgs(); var urlargs = parseUriArgs();

1
views/player.handlebars
View file

@ -96,6 +96,7 @@
</div> </div>
</div> </div>
<script> <script>
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
var recFile = null; var recFile = null;
var recFilePtr = 0; var recFilePtr = 0;
var recFileStartTime = 0; var recFileStartTime = 0;

1
views/sharing-mobile.handlebars
View file

@ -737,6 +737,7 @@
<iframe name="fileUploadFrame" style=display:none></iframe> <iframe name="fileUploadFrame" style=display:none></iframe>
<script> <script>
'use strict'; 'use strict';
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
var args = parseUriArgs(); var args = parseUriArgs();
var urlargs = args; var urlargs = args;
var sessionTime = parseInt('{{{sessiontime}}}'); var sessionTime = parseInt('{{{sessiontime}}}');

1
views/sharing.handlebars
View file

@ -283,6 +283,7 @@
</div> </div>
</div> </div>
<script> <script>
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
var sessionActivity = null; var sessionActivity = null;
var desktop = null; var desktop = null;
var agentPresent = true; var agentPresent = true;

1
views/ssh.handlebars
View file

@ -68,6 +68,7 @@
</div> </div>
</div> </div>
<script> <script>
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
var term = null; var term = null;
var termfit = null; var termfit = null;
var resizeTimer = null; var resizeTimer = null;

1
views/terms.handlebars
View file

@ -161,6 +161,7 @@
</div> </div>
<script> <script>
'use strict'; 'use strict';
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
var uiMode = parseInt(getstore('uiMode', 1)); var uiMode = parseInt(getstore('uiMode', 1));
var webPageStackMenu = false; var webPageStackMenu = false;
var webPageFullScreen = true; var webPageFullScreen = true;

1
views/xterm.handlebars
View file

@ -80,6 +80,7 @@
</div> </div>
</div> </div>
<script> <script>
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
var term = null; var term = null;
var termfit = null; var termfit = null;
var tunnel = null; var tunnel = null;

4
webserver.js
View file

@ -7696,6 +7696,10 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
xargs.domainurl = domain.url; xargs.domainurl = domain.url;
xargs.autocomplete = (domain.autocomplete === false)?'x':'autocomplete'; // This option allows autocomplete to be turned off on the login page. xargs.autocomplete = (domain.autocomplete === false)?'x':'autocomplete'; // This option allows autocomplete to be turned off on the login page.
if (typeof domain.hide == 'number') { xargs.hide = domain.hide; } if (typeof domain.hide == 'number') { xargs.hide = domain.hide; }
// To mitigate any possible BREACH attack, we generate a random length string here.
xargs.randomlength = (args.webpagelengthrandomization !== false) ? parent.crypto.randomBytes(parent.crypto.randomInt(0, 256)).toString('base64') : '';
return xargs; return xargs;
} }