Merge pull request #583 from Swiddis/osints/sanitize-paths
Copy path sanitization from osints/dev
Swiddis authored Jun 28, 2023
2 parents d6d4fb2 + e4554aa commit 6d5bd47
Showing 3 changed files with 468 additions and 503 deletions.
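--- a/package.json
+++ b/package.json
@@ -38,14 +38,16 @@
 "react-graph-vis": "^1.0.5",
 "react-paginate": "^8.1.3",
 "react-plotly.js": "^2.5.1",
-"redux-persist": "^6.0.0"
+"redux-persist": "^6.0.0",
+"sanitize-filename": "^1.6.3"
 },
 "devDependencies": {
 "@cypress/skip-test": "^2.6.1",
 "@types/enzyme-adapter-react-16": "^1.0.6",
 "@types/mime": "^3.0.1",
 "@types/react-plotly.js": "^2.5.0",
 "@types/react-test-renderer": "^16.9.1",
+"@types/sanitize-filename": "^1.6.3",
 "antlr4ts-cli": "^0.5.0-alpha.4",
 "cypress": "^12.8.1",
 "cypress-watch-and-reload": "^1.10.6",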
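Review bot: The `@types/sanitize-filename` entry added to `devDependencies` looks unnecessary. As far as I know, `sanitize-filename` 1.6.x ships its own type declarations and the `@types` package is only a deprecated stub, so it is worth confirming and dropping the line. The runtime dependency is declared with a caret range, `"sanitize-filename": "^1.6.3"`, so the lockfile is what actually pins the code on this path-handling boundary. The lockfile change should be reviewed together with this one.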
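--- a/server/routes/integrations/integrations_router.ts
+++ b/server/routes/integrations/integrations_router.ts
@@ -5,6 +5,7 @@
 
 import { schema } from '@osd/config-schema';
 import * as mime from 'mime';
+import sanitize from 'sanitize-filename';
 import { IRouter, RequestHandlerContext } from '../../../../../src/core/server';
 import { INTEGRATIONS_BASE } from '../../../common/constants/shared';
 import { IntegrationsAdaptor } from '../../adaptors/integrations/integrations_adaptor';
@@ -132,7 +133,8 @@ export function registerIntegrationsRoute(router: IRouter) {
 async (context, request, response): Promise<any> => {
 const adaptor = getAdaptor(context, request);
 try {
-const result = await adaptor.getStatic(request.params.id, request.params.path);
+const requestPath = sanitize(request.params.path);
+const result = await adaptor.getStatic(request.params.id, requestPath);
 return response.ok({
 headers: {
 'Content-Type': mime.getType(request.params.path),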
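Review bot: `request.params.id` still reaches `adaptor.getStatic` unsanitized on the new call line, so only one of the two request-controlled arguments is cleaned. The adaptor is not visible here, but if it joins `id` into a filesystem path, the traversal this commit closes for `path` stays open through `id`; it should get the same treatment or a strict schema pattern at route registration. `sanitize` also removes path separators and can return an empty string, so an empty `requestPath` should be rejected with a 4xx before the lookup rather than passed on. The `Content-Type` header below is still computed from the raw value; `'Content-Type': mime.getType(requestPath),` keeps the served type tied to the file actually read. The handler body starts and ends outside the hunk.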