fix vulnerability (#5098)

* safe

* add get cookie

* fix

* fix

* fix
This commit is contained in:
heheer
2025-06-27 14:35:38 +08:00
committed by GitHub
parent 1cc86f9eb7
commit b6a258d494
9 changed files with 101 additions and 22 deletions

View File

@@ -1,4 +1,33 @@
// Function to escape CSV fields to prevent injection attacks
export const sanitizeCsvField = (field: String): string => {
if (field == null) return '';
let fieldStr = String(field);
// Check for dangerous starting characters that could cause CSV injection
if (fieldStr.match(/^[\=\+\-\@\|]/)) {
// Add prefix to neutralize potential formula injection
fieldStr = `'${fieldStr}`;
}
// Handle special characters that need escaping in CSV
if (
fieldStr.includes(',') ||
fieldStr.includes('"') ||
fieldStr.includes('\n') ||
fieldStr.includes('\r')
) {
// Escape quotes and wrap field in quotes
fieldStr = `"${fieldStr.replace(/"/g, '""')}"`;
}
return fieldStr;
};
export const generateCsv = (headers: string[], data: string[][]) => {
const csv = [headers.join(','), ...data.map((row) => row.join(','))].join('\n');
const sanitizedHeaders = headers.map((header) => sanitizeCsvField(header));
const sanitizedData = data.map((row) => row.map((cell) => sanitizeCsvField(cell)));
const csv = [sanitizedHeaders.join(','), ...sanitizedData.map((row) => row.join(','))].join('\n');
return csv;
};

View File

@@ -1,7 +1,7 @@
import Cookie from 'cookie';
import { ERROR_ENUM } from '@fastgpt/global/common/error/errorCode';
import jwt from 'jsonwebtoken';
import { type NextApiResponse } from 'next';
import { type NextApiResponse, type NextApiRequest } from 'next';
import type { AuthModeType, ReqHeaderAuthType } from './type.d';
import type { PerResourceTypeEnum } from '@fastgpt/global/support/permission/constant';
import { AuthUserTypeEnum } from '@fastgpt/global/support/permission/constant';
@@ -231,7 +231,7 @@ export async function parseHeaderCert({
return Promise.reject(ERROR_ENUM.unAuthorization);
}
return authUserSession(cookieToken);
return { ...(await authUserSession(cookieToken)), sessionId: cookieToken };
}
// from authorization get apikey
async function parseAuthorization(authorization?: string) {
@@ -283,7 +283,7 @@ export async function parseHeaderCert({
const { cookie, token, rootkey, authorization } = (req.headers || {}) as ReqHeaderAuthType;
const { uid, teamId, tmbId, appId, openApiKey, authType, isRoot, sourceName } =
const { uid, teamId, tmbId, appId, openApiKey, authType, isRoot, sourceName, sessionId } =
await (async () => {
if (authApiKey && authorization) {
// apikey from authorization
@@ -309,7 +309,8 @@ export async function parseHeaderCert({
appId: '',
openApiKey: '',
authType: AuthUserTypeEnum.token,
isRoot: res.isRoot
isRoot: res.isRoot,
sessionId: res.sessionId
};
}
if (authRoot && rootkey) {
@@ -341,7 +342,8 @@ export async function parseHeaderCert({
authType,
sourceName,
apikey: openApiKey,
isRoot: !!isRoot
isRoot: !!isRoot,
sessionId
};
}
@@ -353,6 +355,7 @@ export const setCookie = (res: NextApiResponse, token: string) => {
`${TokenName}=${token}; Path=/; HttpOnly; Max-Age=604800; Samesite=Strict;`
);
};
/* clear cookie */
export const clearCookie = (res: NextApiResponse) => {
res.setHeader('Set-Cookie', `${TokenName}=; Path=/; Max-Age=0`);

View File

@@ -83,12 +83,11 @@ const getSession = async (key: string): Promise<SessionType> => {
return Promise.reject(ERROR_ENUM.unAuthorization);
}
};
export const delUserAllSession = async (userId: string, whileList?: string[]) => {
const formatWhileList = whileList?.map((item) => getSessionKey(item));
export const delUserAllSession = async (userId: string, whiteList?: (string | undefined)[]) => {
const formatWhiteList = whiteList?.map((item) => item && getSessionKey(item));
const redis = getGlobalRedisConnection();
const keys = (await getAllKeysByPrefix(`${redisPrefix}${userId}`)).filter(
(item) => !formatWhileList?.includes(item)
(item) => !formatWhiteList?.includes(item)
);
if (keys.length > 0) {