fix all vulnerabilities in the production code (#817)

Signed-off-by: Denis barbaron <denis.barbaron@orange.com>
2026-04-18 08:53:23 +02:00 · 2024-11-29 11:02:11 +01:00
parent 2f54e40206
commit 872b0bcbd8
26 changed files with 160 additions and 13627 deletions
--- a/lib/util/requtil.js
+++ b/lib/util/requtil.js
@@ -1,3 +1,7 @@
+/**
+* Copyright © 2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+**/
+
 var util = require('util')

 var Promise = require('bluebird')
@@ -11,14 +15,28 @@ function ValidationError(message, errors) {

 util.inherits(ValidationError, Error)

+const {body, validationResult} = require('express-validator')
+module.exports.validators = {
+  mockLoginValidator: [
+    body('name', 'Invalid name').not().isEmpty()
+  , body('email', 'Invalid email').isEmail()
+  ]
+, ldapLoginValidator: [
+    body('username', 'Invalid username').not().isEmpty()
+  , body('password', 'Invalid password').not().isEmpty()
+  ]
+, tempUrlValidator: [
+    body('url', 'Invalid url').not().isEmpty()
+  ]
+}
+
 module.exports.ValidationError = ValidationError

-module.exports.validate = function(req, rules) {
+module.exports.validate = function(req) {
  return new Promise(function(resolve, reject) {
-    rules()
+    const errors = validationResult(req)

-    var errors = req.validationErrors()
-    if (!errors) {
+    if (errors.isEmpty()) {
      resolve()
    }
    else {