Security fix -

Restrict access to files on webserver by monitoring the request path content before allowing it to be accessed.
wtonsp · Apr 10, 2015 · 2b441cd · 2b441cd
1 parent eb70a19
commit 2b441cd
Showing 1 changed file with 44 additions and 0 deletions.
diff --git a/lib/webPanel.js b/lib/webPanel.js
@@ -133,6 +133,50 @@
 
         };
 
+         /**
+
+        * This function scans through any webPanel request.
+        * if the request contains the 'path' query parameter then it will pass it
+        * through a check that ensures the following:
+            - it contains logs
+            - it contains 20xx
+            - it is accessing a .json file
+        * if it passess the checks it sends the request to the next webPanel function
+        * otherwise it returns a json error message
+
+
+
+        */
+
+        webPanel.use(function(req, res, next){
+
+            var path = req.query.path
+
+            if(path!=null){
+
+                if(path.indexOf("logs")!=-1 && path.indexOf("20")!=-1 && path.indexOf(".json")!=-1) {
+
+                    next();
+
+                } else {
+
+                    var response = {};
+                    response.error = true;
+                    res.json(response);
+
+
+                }
+
+            } else {
+
+                next();
+            }
+
+
+
+
+        });
+
 
         /**
          * /api