Skip to content

Commit

Permalink
Merge pull request #478 from yogeshojha/security/huntr-xss-in-tool
Browse files Browse the repository at this point in the history 
Fixed XSS on Tool section
  • Loading branch information
@yogeshojha
yogeshojha committed Aug 28, 2021
2 parents 650c2da + 07a4b5d commit d7e0a46
Show file tree
Hide file tree
Showing 3 changed files with 8 additions and 4 deletions.
4 changes: 2 additions & 2 deletions web/scanEngine/static/scanEngine/js/custom_tools.js
View file
@@ -1,7 +1,7 @@
function load_gf_template(pattern_name){
$('#modal-size').removeClass('modal-xl');
$('#modal-size').addClass('modal-lg');
$('.modal-title').html(`GF Pattern ` + pattern_name);
$('.modal-title').html(`GF Pattern ` + htmlEncode(pattern_name));
$('#exampleModal').modal('show');
$('.modal-text').empty();
$('.modal-text').append(`<div class='outer-div' id="modal-loader"><span class="inner-div spinner-border text-info align-self-center loader-sm"></span></div>`);
Expand All @@ -18,7 +18,7 @@ function load_gf_template(pattern_name){
function load_nuclei_template(pattern_name){
$('#modal-size').removeClass('modal-lg');
$('#modal-size').addClass('modal-xl');
$('.modal-title').html(`Nuclei Pattern ` + pattern_name);
$('.modal-title').html(`Nuclei Pattern ` + htmlEncode(pattern_name));
$('#exampleModal').modal('show');
$('.modal-text').empty();
$('.modal-text').append(`<div class='outer-div' id="modal-loader"><span class="inner-div spinner-border text-info align-self-center loader-sm"></span></div>`);
Expand Down
1 change: 1 addition & 0 deletions web/scanEngine/templates/scanEngine/settings/tool.html
View file
Expand Up @@ -201,4 +201,5 @@ <h4><a href="https://github.com/OWASP/Amass" class="text-info" target="_blank">A

{% block page_level_script %}
<script src="{% static 'scanEngine/js/custom_tools.js' %}" charset="utf-8"></script>
<script src="{% static 'custom/custom.js' %}" charset="utf-8"></script>
{% endblock page_level_script %}
7 changes: 5 additions & 2 deletions web/scanEngine/views.py
View file
Expand Up @@ -245,7 +245,9 @@ def tool_specific_settings(request):
if file_extension != 'json':
messages.add_message(request, messages.ERROR, 'Invalid GF Pattern, upload only *.json extension')
else:
file_path = '/root/.gf/' + gf_file.name
# remove special chars from filename, that could possibly do directory traversal or XSS
filename = re.sub(r'[\\/*?:"<>|]',"", gf_file.name)
file_path = '/root/.gf/' + filename
file = open(file_path, "w")
file.write(gf_file.read().decode("utf-8"))
file.close()
Expand All @@ -258,7 +260,8 @@ def tool_specific_settings(request):
if file_extension != 'yaml':
messages.add_message(request, messages.ERROR, 'Invalid Nuclei Pattern, upload only *.yaml extension')
else:
file_path = '/root/nuclei-templates/' + nuclei_file.name
filename = re.sub(r'[\\/*?:"<>|]',"", nuclei_file.name)
file_path = '/root/nuclei-templates/' + filename
file = open(file_path, "w")
file.write(nuclei_file.read().decode("utf-8"))
file.close()
Expand Down

0 comments on commit d7e0a46

Please sign in to comment.