mirror of
				https://github.com/Ylianst/MeshCentral.git
				synced 2025-03-09 15:40:18 +00:00 
			
		
		
		
	Added extra sysinfo validation.
		
							parent
							
								
									328d478319
								
							
						
					
					
						commit
						fc7bb97a37
					
				
					 2 changed files with 25 additions and 0 deletions
				
			
		
							
								
								
									
										21
									
								
								common.js
									
										
									
									
									
								
							
							
						
						
									
									
										
									
									
									
								
							|  | @ -292,4 +292,25 @@ module.exports.meshServerRightsArrayToNumber = function (val) { | |||
|         return newAccRights; | ||||
|     } | ||||
|     return null; | ||||
| } | ||||
| 
 | ||||
| 
 | ||||
| // Validate an object to make sure it can be stored in MongoDB
 | ||||
| module.exports.validateObjectForMongo = function (obj, maxStrLen) { | ||||
|     return validateObjectForMongoRec(obj, maxStrLen); | ||||
| } | ||||
| 
 | ||||
| function validateObjectForMongoRec(obj, maxStrLen) { | ||||
|     if (typeof obj != 'object') return false; | ||||
|     for (var i in obj) { | ||||
|         // Check the key name is not too long
 | ||||
|         if (i.length > 100) return false; | ||||
|         // Check if all chars are alpha-numeric or underscore.
 | ||||
|         for (var j in i) { const c = i.charCodeAt(j); if ((c < 48) || ((c > 57) && (c < 65)) || ((c > 90) && (c < 97) && (c != 95)) || (c > 122)) return false; } | ||||
|         // If the value is a string, check it's not too long
 | ||||
|         if ((typeof obj[i] == 'string') && (obj[i].length > maxStrLen)) return false; | ||||
|         // If the value is an object, check it.
 | ||||
|         if ((typeof obj[i] == 'object') && (Array.isArray(obj[i]) == false) && (validateObjectForMongoRec(obj[i], maxStrLen) == false)) return false; | ||||
|     } | ||||
|     return true; | ||||
| } | ||||
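Review bot: Arrays are exempted from the recursion in `validateObjectForMongoRec` by the `Array.isArray(obj[i]) == false` term, so any object or string nested inside an array skips the key-name and `maxStrLen` checks entirely. Array indices are digit strings that already pass the key test, so dropping that term is enough to cover array contents: `if ((typeof obj[i] == 'object') && (validateObjectForMongoRec(obj[i], maxStrLen) == false)) return false;`. The recursion also has no bound on nesting depth or on the number of keys, so a depth cap would be worth adding alongside. A short comment on the function stating that the value is agent-supplied and that only `[A-Za-z0-9_]` keys of at most 100 characters are accepted would document the intent.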
|  | @ -1360,6 +1360,10 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { | |||
|                     } | ||||
|                 case 'sysinfo': { | ||||
|                     if ((typeof command.data == 'object') && (typeof command.data.hash == 'string')) { | ||||
|                         // Validate command.data.
 | ||||
|                         if (common.validateObjectForMongo(command.data, 1024) == false) break; | ||||
| 
 | ||||
|                         // Save to database
 | ||||
|                         command.data._id = 'si' + obj.dbNodeKey; | ||||
|                         command.data.type = 'sysinfo'; | ||||
|                         command.data.domain = domain.id; | ||||
|  |  | |||
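Review bot: A sysinfo payload that fails `common.validateObjectForMongo` is dropped by the bare `break` without leaving any trace, so an agent that sends malformed or hostile data stays invisible to operators. Recording the rejection together with `obj.dbNodeKey`, through whatever debug or event logging this file already uses, would make such agents detectable. The comment could also state what is enforced, for example `// Drop sysinfo whose keys are not [A-Za-z0-9_] or exceed 100 chars, or whose string values exceed 1024 chars (array contents are not inspected)`. The `case 'sysinfo'` block and the enclosing function continue outside the hunk.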