fix: set cookie securely, and prevent XSS in the /enrollment route
mattmapadmi committed Sep 30, 2020
1 parent b7b05eb commit bb33d43
Showing 2 changed files with 22 additions and 7 deletions.
1 change: 0 additions & 1 deletion app.js
Expand Up @@ -18,7 +18,6 @@ app.set('port', process.env.PORT || 3001);
app.set('views', __dirname + '/views');
app.set('view engine', 'pug');

app.use(express.urlencoded({extended: true}));
app.use(cookieParser(process.env.COOKIE_KEY || 'f76210bc2acc4f54af5754e15b0aab05'));
app.use(express.static(path.join(__dirname, 'public')));
app.use(express.raw({
28 changes: 22 additions & 6 deletions routes/mobileconfig.js
Expand Up @@ -10,15 +10,20 @@ exports.enrollment = function(req, res){
var query = url_parts.query;

var tudid = query.udid;
if (tudid) // If it's in the query, store it and redirect (so the user doesn't see the UDID being sent in the URL)
if (tudid && extractValidUdid(tudid)) // If it's in the query, store it and redirect (so the user doesn't see the UDID being sent in the URL)
{
res.cookie('newudid', query.udid, { maxAge: 10 * 60 * 1000}); // Store for 10 minutes
res.cookie('newudid', query.udid,
{
maxAge: 10 * 60 * 1000,
httpOnly: true,
secure: process.env.NODE_ENV === 'production'? true: false
});
res.redirect('/enrollment');
}
else
{
var cookie = req.cookies.newudid;
if (cookie) {
if (cookie && extractValidUdid(cookie)) {
// Found the cookie, let's render it
res.render('udid', { udid: cookie, title: 'udid.fyi'});
}
Expand All @@ -29,13 +34,24 @@ exports.enrollment = function(req, res){
}
}
exports.enroll = function(req, res){
var match = req.body.toString().match(/(0000[\d]{4}-00[A-Fa-f\d]+)|([a-fA-F\d]{40})/);
var udid = extractValidUdid(req.body.toString())

if (match && match.length > 0) {
res.redirect(301,'/enrollment?udid=' + match[0]);
if (udid) {
res.redirect(301,'/enrollment?udid=' + udid);
}
else {
res.status(400)
res.send('Did not find a valid UDID in the body')
}
};

function extractValidUdid (udid) {
const match = udid.match(/(0000[\d]{4}-00[A-Fa-f\d]+)|([a-fA-F\d]{40})/);

if (match && match.length > 0) {
return match[0]
}
else {
return null
}
}
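Review bot: The query branch still persists the raw value — `res.cookie('newudid', query.udid, …)` — although the guard on the preceding line only checks that `extractValidUdid(tudid)` found a match somewhere inside it; the regex in extractValidUdid (second hunk) is unanchored, so any string that merely contains a UDID passes and the surrounding bytes are stored and later handed to the template as `udid: cookie`, which only defends against XSS as long as the pug template escapes. Store and render the extracted value instead, and have extractValidUdid reject non-strings, because `query.udid` can be an array (`?udid=a&udid=b`) and a cookie-parser value can be a parsed object, on which `.match` throws and turns the request into a 500. While there, `secure: process.env.NODE_ENV === 'production'? true: false` is just `secure: process.env.NODE_ENV === 'production'`, a `sameSite: 'lax'` attribute would complete the cookie hardening, and the `301` issued on the POST result in enroll is better as a `303` so browsers do not cache the redirect. The enrollment function starts before the first hunk.
```javascript
    var tudid = query.udid;
    // Keep only the extracted, validated value: extractValidUdid's regex is
    // unanchored, so the raw query string must never reach the cookie or the view.
    var udid = typeof tudid === 'string' ? extractValidUdid(tudid) : null;
    if (udid)
    {
        res.cookie('newudid', udid,
            {
                maxAge: 10 * 60 * 1000,
                httpOnly: true,
                secure: process.env.NODE_ENV === 'production',
                sameSite: 'lax'
            });
        res.redirect('/enrollment');
    }
    else
    {
        var rawCookie = req.cookies.newudid;
        var cookie = typeof rawCookie === 'string' ? extractValidUdid(rawCookie) : null;
        if (cookie) {
            // … unchanged: render 'udid' with the extracted value …

// … unchanged: rest of enrollment, enroll …

function extractValidUdid (udid) {
    // Query and cookie values are not guaranteed to be strings (repeated
    // query keys yield arrays); a non-string has no .match and is rejected.
    if (typeof udid !== 'string') {
        return null
    }
    // … unchanged: regex match and return …
}
```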
