fix: sanitize password and cookie key

Joe Previte
2021-06-07 14:46:59 -07:00
parent deaa2242ca
commit 3b50bfc17d
6 changed files with 30 additions and 6 deletions


@@ -7,7 +7,7 @@ import { normalize, Options } from "../common/util"
import { AuthType, DefaultedArgs } from "./cli"
import { commit, rootPath } from "./constants"
import { Heart } from "./heart"
import { getPasswordMethod, IsCookieValidArgs, isCookieValid } from "./util"
import { getPasswordMethod, IsCookieValidArgs, isCookieValid, sanitizeString } from "./util"
declare global {
// eslint-disable-next-line @typescript-eslint/no-namespace
@@ -72,7 +72,7 @@ export const authenticated = async (req: express.Request): Promise<boolean> => {
const passwordMethod = getPasswordMethod(hashedPasswordFromArgs)
const isCookieValidArgs: IsCookieValidArgs = {
passwordMethod,
cookieKey: req.cookies.key as string,
cookieKey: sanitizeString(req.cookies.key),
passwordFromArgs: req.args.password || "",
hashedPasswordFromArgs: req.args["hashed-password"],
}
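Review bot: A missing or non-string cookie still flows into `isCookieValid` at `cookieKey: sanitizeString(req.cookies.key)`, and this hunk does not show what `sanitizeString` returns in that case, since it is defined in `./util`. If it falls back to `""`, that value sits next to `passwordFromArgs: req.args.password || ""`, which is also `""` when no plain password is configured, so please confirm that `isCookieValid` rejects an empty `cookieKey` before comparing anything. Once confirmed, a comment above the field would record the contract, e.g. `// req.cookies.key is client-controlled; sanitizeString yields "" unless it is a non-empty string`. The body of `authenticated` starts and ends outside this hunk, so a guard may already exist there.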