7x31
/
nginxconfig.io
mirror of https://github.com/digitalocean/nginxconfig.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

K-119618: Множественные reflected xss

This commit is contained in:
Гичкалов Александр 2022-03-09 14:58:23 +04:00
parent 01639c63fe
commit 589a3591b7
10 changed files with 83 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
dist/js/app.js vendored
View File

File diff suppressed because one or more lines are too long

2
src/nginxconfig/templates/domain_sections/onion.vue
View File

@ -103,7 +103,7 @@ THE SOFTWARE.
'$props.data.onionLocation': {
handler(data) {
// Drop http(s)://
data.computed = data.computed.replace(/^https?:\/\//, '');
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},

1
src/nginxconfig/templates/domain_sections/restrict.vue
View File

@ -279,6 +279,7 @@ THE SOFTWARE.
watch: {
'$props.data.responseCode': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
if (data.computed && /^[1-5][0-9][0-9]$/.test(data.computed)) {
this.validResponseCode = true;
} else {

12
src/nginxconfig/templates/domain_sections/reverse_proxy.vue
View File

@ -165,6 +165,18 @@ THE SOFTWARE.
},
deep: true,
},
'$props.data.path': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},
'$props.data.proxyPass': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},
},
};
</script>

10
src/nginxconfig/templates/domain_sections/server.vue
View File

@ -208,7 +208,7 @@ THE SOFTWARE.
watch: {
'$props.data.domain': {
handler(data) {
data.computed = data.computed.replace(/<.+>/, '');
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
// Ignore www. if given, enable WWW subdomain
if (data.computed.startsWith('www.')) {
data.computed = data.computed.slice(4);
@ -244,7 +244,7 @@ THE SOFTWARE.
// Ensure there is a default path
'$props.data.path': {
handler(data) {
data.computed = data.computed.replace(/<.+>/, '');
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
if (!data.computed.trim()) {
data.computed = `/var/www/${this.$props.data.domain.computed}`;
}
@ -253,19 +253,19 @@ THE SOFTWARE.
},
'$props.data.documentRoot': {
handler(data) {
data.computed = data.computed.replace(/<.+>/, '');
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},
'$props.data.listenIpv4': {
handler(data) {
data.computed = data.computed.replace(/<.+>/, '');
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},
'$props.data.listenIpv6': {
handler(data) {
data.computed = data.computed.replace(/<.+>/, '');
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},

2
src/nginxconfig/templates/global_sections/https.vue
View File

@ -374,7 +374,7 @@ THE SOFTWARE.
},
'$props.data.letsEncryptCertRoot': {
handler(data) {
data.computed = data.computed.replace(/<.+>/, '');
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},

12
src/nginxconfig/templates/global_sections/logging.vue
View File

@ -272,6 +272,18 @@ THE SOFTWARE.
},
deep: true,
},
'$props.data.accessLog': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},
'$props.data.errorLog': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},
},
};
</script>

22
src/nginxconfig/templates/global_sections/nginx.vue
View File

@ -210,10 +210,11 @@ THE SOFTWARE.
// Clean nginx directory of trailing slashes
'$props.data.nginxConfigDirectory': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
// This might cause recursion, but seems not to
if (data.enabled)
if (data.computed.endsWith('/'))
data.computed = data.computed.replace(/\/+$/, '');
data.computed = data.default;
},
deep: true,
},
@ -223,7 +224,7 @@ THE SOFTWARE.
// This might cause recursion, but seems not to
if (data.enabled)
if (!data.options.includes(data.computed))
data.computed = data.default;
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},
@ -231,6 +232,7 @@ THE SOFTWARE.
'$props.data.clientMaxBodySize': {
handler(data) {
// This might cause recursion, but seems not to
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
if (data.enabled)
if (data.computed < 0)
data.computed = 0;
@ -243,7 +245,7 @@ THE SOFTWARE.
// This might cause recursion, but seems not to
if (data.enabled)
if (!data.options.includes(data.computed))
data.computed = data.default;
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},
@ -253,7 +255,19 @@ THE SOFTWARE.
// This might cause recursion, but seems not to
if (data.enabled)
if (!data.options.includes(data.computed))
data.computed = data.default;
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},
'$props.data.user': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},
'$props.data.pid': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},

26
src/nginxconfig/templates/global_sections/performance.vue
View File

@ -176,5 +176,31 @@ THE SOFTWARE.
data: Object, // Data delegated back to us from parent
},
computed: computedFromDefaults(defaults, 'performance'), // Getters & setters for the delegated data
watch: {
'$props.data.svgExpiration': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},
'$props.data.assetsExpiration': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},
'$props.data.fontsExpiration': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},
'$props.data.mediaExpiration': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},
},
};
</script>

6
src/nginxconfig/templates/global_sections/python.vue
View File

@ -96,6 +96,12 @@ THE SOFTWARE.
},
deep: true,
},
'$props.data.pythonServer': {
handler(data) {
data.computed = data.computed.replace(/([^\d]*)(\d*)([^\w]*)/, '');
},
deep: true,
},
},
};
</script>