Expand Up @@ -53,13 +53,15 @@ public string XmlData
/// <summary>
/// Gets an XmlReader that converts BlogML data saved as string into XML stream
/// </summary>
private XmlTextReader XmlReader
private XmlReader XmlReader
{
get
{
var byteArray = Encoding.UTF8.GetBytes(this.xmlData);
var stream = new MemoryStream(byteArray);
return new XmlTextReader(stream);
XmlReaderSettings settings = new XmlReaderSettings();
settings.XmlResolver = null;
return XmlReader.Create(stream, settings);
}
}

18 changes: 14 additions & 4 deletions BlogEngine/BlogEngine.NET/AppCode/Api/FileManagerController.cs
@@ -1,4 +1,5 @@
using BlogEngine.Core.Data.Contracts;
using BlogEngine.Core;
using BlogEngine.Core.Data.Contracts;
using BlogEngine.Core.FileSystem;
using BlogEngine.Core.Providers;
using System;
Expand All @@ -24,6 +25,11 @@ public IEnumerable<FileInstance> Get(int take = 10, int skip = 0, string path =
[HttpPut]
public HttpResponseMessage ProcessChecked([FromBody]List<FileInstance> items)
{
if (!Security.IsAdministrator)
{
throw new UnauthorizedAccessException();
}

if (items == null || items.Count == 0)
throw new HttpResponseException(HttpStatusCode.ExpectationFailed);

Expand All @@ -36,10 +42,10 @@ public HttpResponseMessage ProcessChecked([FromBody]List<FileInstance> items)
if (item.IsChecked)
{
if(item.FileType == FileType.File || item.FileType == FileType.Image)
BlogService.DeleteFile(item.FullPath);
BlogService.DeleteFile(Extensions.SanitizePath(item.FullPath));

if (item.FileType == FileType.Directory)
BlogService.DeleteDirectory(item.FullPath);
BlogService.DeleteDirectory(Extensions.SanitizePath(item.FullPath));
}
}
}
Expand All @@ -49,7 +55,11 @@ public HttpResponseMessage ProcessChecked([FromBody]List<FileInstance> items)
[HttpPut]
public HttpResponseMessage AddFolder(FileInstance folder)
{
BlogService.CreateDirectory(folder.FullPath + "/" + folder.Name);
if (!Security.IsAdministrator)
{
throw new UnauthorizedAccessException();
}
BlogService.CreateDirectory(Extensions.SanitizePath(folder.FullPath) + "/" + Extensions.SanitizePath(folder.Name));
return Request.CreateResponse(HttpStatusCode.OK);
}

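Review bot: The new admin gate in ProcessChecked throws a bare UnauthorizedAccessException, while the same method rejects an empty body with HttpResponseException(HttpStatusCode.ExpectationFailed) a few lines below; unless an exception filter maps it somewhere outside this diff, an unhandled exception in Web API surfaces as a 500 rather than a 401/403, and the copy of the check in AddFolder has the same effect. `throw new HttpResponseException(HttpStatusCode.Forbidden);` keeps the controller's existing style and gives callers a status they can act on. Since the check is now duplicated per action and `Get` (whose body lies outside these hunks) shows no such guard, a controller-level authorization filter would cover every action in one place. AddFolder also dereferences `folder` before checking it for null, so a missing or unbindable body still ends in a NullReferenceException; `if (folder == null) throw new HttpResponseException(HttpStatusCode.ExpectationFailed);` matches the guard ProcessChecked already has. Extensions.SanitizePath is not defined in this diff, so whether it rejects parent-directory segments before the path reaches DeleteFile, DeleteDirectory and CreateDirectory cannot be confirmed from here and is worth a test.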
13 changes: 13 additions & 0 deletions BlogEngine/BlogEngine.NET/Global.asax
Expand Up @@ -12,4 +12,17 @@
{
BlogEngineConfig.SetCulture(sender, e);
}

protected void Application_PreSendRequestHeaders ()
{
var httpContext = HttpContext.Current;
if (httpContext != null) {
var cookieValueSuffix = "; SameSite=Strict";
var cookies = httpContext.Response.Cookies;
for (var i = 0; i < cookies.Count; i++)
{
var cookie = cookies[i]; cookie.Value += cookieValueSuffix;
}
}
}
</script>
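Review bot: Appending `; SameSite=Strict` to cookie.Value in the loop at the end of the hunk pushes a header attribute through the value field, and under Strict the browser withholds the cookie on every cross-site top-level navigation, so a user arriving from an external link lands on the site without their session or forms-auth cookie; Lax is the usual choice unless that logged-out-on-arrival behaviour is intended. On .NET Framework 4.7.2 or later HttpCookie exposes a `SameSite` property (`cookie.SameSite = SameSiteMode.Strict;`) — the target framework is not visible here — which sets the attribute without touching the value, and the `httpCookies` element in web.config can apply it site-wide on that version as well. Handling PreSendRequestHeaders from Global.asax is documented by Microsoft as problematic under IIS integrated mode, where `Response.AddOnSendingHeaders` is the suggested hook, so it is worth confirming which pipeline mode the site runs in. Finally, the new method uses K&R braces and packs two statements onto one line (`var cookie = cookies[i]; cookie.Value += cookieValueSuffix;`) while the surrounding handler uses Allman braces with one statement per line.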