Fix reflected XSS vulnerability in the Webhook server.
If the body of the request was not correctly read, the error provided was directly sent to the user. Now a standard error message is sent every time there is a problem in the processing of the request body; this fix also avoids the information leakage due to the use of specific errors for every different problem.
Andreagit97 committed Jul 12, 2021
1 parent 0edb724 commit 63123a6
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion pkg/mutate/server.go
Expand Up @@ -62,15 +62,16 @@ func NewMutationServer(ctx context.Context, c *MutationConfig) (*MutationServer,
func (s *MutationServer) handleMutate(w http.ResponseWriter, r *http.Request) {
// read the body / request
body, err := ioutil.ReadAll(r.Body)

if err != nil {
err = fmt.Errorf("unable to correctly read the body of the request")
s.sendError(err, w)
return
}

// mutate the request
mutated, err := s.Mutate(body)
if err != nil {
err = fmt.Errorf("unable to correctly mutate the request")
s.sendError(err, w)
return
}
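Review bot: both error branches overwrite `err` with a fixed message before calling `s.sendError(err, w)`, so the original cause (the `ioutil.ReadAll` failure or the `s.Mutate` failure) is lost entirely; log it server-side first, e.g. `log.Printf("handleMutate: reading body: %v", err)`, then send the generic message, so the user-facing response stays constant while operators can still diagnose failures. The fix also only addresses the two call sites; `sendError` itself is not in this hunk, and if it still writes the error text into the response body without escaping or a non-HTML `Content-Type`, any future caller that passes user-influenced text will reintroduce the reflected XSS, so the escaping belongs in `sendError` as well. Minor style point: `fmt.Errorf` with a constant string and no verbs is better written as `errors.New(...)`, and `ioutil.ReadAll(r.Body)` reads an unbounded body; wrapping it with `http.MaxBytesReader` caps memory use per request.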

0 comments on commit 63123a6