Make GitHub ribbon color customizable via parameter gitHubRibbon

(possible leverage point for #217)
juice-shop · Dec 30, 2017 · e7c8735 · e7c8735
1 parent adb9d9c
commit e7c8735
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/routes/fileUpload.js b/routes/fileUpload.js
@@ -17,7 +17,11 @@ exports = module.exports = function fileUpload () {
         utils.solve(challenges.deprecatedInterfaceChallenge)
       }
       if (file.buffer) {
-        const xmlDoc = libxml.parseXml(file.buffer.toString(), { noblanks: true, noent: true, nocdata: true })
+        const data = file.buffer.toString()
+        if (utils.contains(data, '/dev/random')) { // circuit breaker to prevent common DoS attack
+          next(new Error('Blocked illegal activity by ' + req.connection.remoteAddress))
+        }
+        const xmlDoc = libxml.parseXml(data, { noblanks: true, noent: true, nocdata: true })
         const xmlString = xmlDoc.toString()
         if (utils.notSolved(challenges.xxeFileDisclosureChallenge) && (matchesSystemIniFile(xmlString) || matchesEtcPasswdFile(xmlString))) {
           utils.solve(challenges.xxeFileDisclosureChallenge)