
Detect deep rewrites

1 parent d6e66e8 commit 5d42a9deab978c03349a8ecc58d9e9f0526d1970 @jhs committed
Showing with 23 additions and 1 deletion.
  1. +23 −1 audit_couchdb.js
@@ -28,11 +28,33 @@ function CouchAudit(url) {
})
self.on('ddoc', function(db_url, ddoc, info) {
+ var ddoc_url = lib.join(db_url, ddoc._id);
+
if(ddoc.language !== info.view_index.language)
throw new Error("Different languages in ddoc vs. index info: " + JSON.stringify(info) + " vs. language = " + JSON.stringify(ddoc.language));
if(ddoc.language !== 'javascript')
- this.medium("Non-standard language '" + ddoc.language + '": ' + lib.join(db_url, ddoc._id));
+ this.medium("Non-standard language '" + ddoc.language + '": ' + ddoc_url);
+
+ // Detect unsafe rewrites.
+ (ddoc.rewrites || []).forEach(function(rule) {
+ var parts = rule.to.split(/\//);
+
+ var depth = 0
+ , minimum_depth = 0;
+ parts.forEach(function(part) {
+ depth += (part === '..' ? -1 : 1);
+ if(depth < minimum_depth)
+ minimum_depth = depth;
+ })
+
+ if(minimum_depth === -2)
+ self.low("Database-level rewrite " + JSON.stringify(rule) + ": " + ddoc_url);
+ else if(minimum_depth === -3)
+ self.medium("Root-level rewrite " + JSON.stringify(rule) + ": " + ddoc_url);
+ else if(minimum_depth < -3)
+ self.high("Unknown rewrite " + JSON.stringify(rule) + ": " + ddoc_url);
+ })
})
self.on('end', function() {
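Review bot: The depth counter at `depth += (part === '..' ? -1 : 1)` treats `.` and empty segments (from `//` or a trailing `/`) as descending one level, so a target such as `./../../_all_docs` or `..//..` is scored one level shallower than it resolves to, assuming the rewriter normalizes those segments away as ordinary path normalization does; skipping them with `if(part === '.' || part === '') return;` before the increment would keep the database-level and root-level thresholds accurate. A rule whose `to` is missing or not a string (a malformed or hand-edited design document) currently throws from `rule.to.split` and aborts the whole audit instead of producing a finding, so a guard along the lines of `if(typeof rule.to !== 'string') return self.medium("Rewrite without a string target " + JSON.stringify(rule) + ": " + ddoc_url);` at the top of the callback seems safer. Whether a root-level rewrite is actually reachable also depends on the server's `secure_rewrites` httpd setting, which I believe rejects rewrites above the database when enabled, so the root-level and unknown findings could say they apply only where that is disabled — worth confirming against the CouchDB versions being audited. The enclosing `'ddoc'` listener and `CouchAudit` continue outside the hunk.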
