

#2985 Prevent XSS for REST API by escape String content:
- Fixed create Data Source in new UI;
- Fixed update Meta Data Point in new UI;
Limraj committed Nov 25, 2024
1 parent ac79f82 commit 78fb45f
Showing 5 changed files with 27 additions and 29 deletions.
5 changes: 2 additions & 3 deletions scadalts-ui/src/components/datasources/DataSourceConfig.vue
Expand Up @@ -125,10 +125,9 @@ export default {
mounted() {
if (this.creator) {
this.$store.dispatch('getUniqueDataSourceXid').then((resp) => {
this.datasource.xid = resp;
this.datasource.tempXid = resp;
this.datasource = JSON.parse(JSON.stringify(this.datasource));
});
this.datasource.tempName = this.datasource.name;
} else {
this.datasource.tempName = this.datasource.name;
this.datasource.tempXid = this.datasource.xid;
Expand Down Expand Up @@ -176,7 +175,7 @@ export default {
} catch (e) {
console.error('Failed to fetch data');
}
},
}
},
};
</script>
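Review bot: The `.then` on `getUniqueDataSourceXid` has no `.catch`, so a rejected dispatch leaves `tempXid` unset and the rejection unhandled, while the second hunk of this same file shows the component otherwise logging fetch failures with `console.error('Failed to fetch data')`; adding `.catch(e => console.error('Failed to fetch unique XID', e))` keeps that consistent. The `this.datasource = JSON.parse(JSON.stringify(this.datasource))` line replaces the whole object just to make the new field reactive; the round-trip drops `undefined` fields and functions, and if `datasource` is a prop rather than local data the reassignment will trigger a Vue warning, whereas `this.$set(this.datasource, 'tempXid', resp)` makes the one field reactive without the copy (assuming Vue 2, which the `slot="append-outer"` syntax in ReportsForm.vue suggests). If `this.datasource.xid = resp` is the removed line, the generated XID now lives only in `tempXid`, so the save path must be reading `tempXid`; worth confirming. `mounted()` starts on the hunk's first line but its body, and the try/catch in the second hunk, continue outside what is shown.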
Expand Up @@ -60,7 +60,8 @@ export const dataSourceConfigMixin = {
generateUniqueXid() {
if (this.createMode) {
this.$store.dispatch('getUniqueDataSourceXid').then(resp => {
this.datasource.xid = resp;
this.datasource.tempXid = resp;
this.datasource = JSON.parse(JSON.stringify(this.datasource));
});
}
},
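Review bot: This `then` body is now the same statements as the `mounted()` hook in DataSourceConfig.vue in this commit, so XID generation lives in two places and the component could simply call the mixin's `generateUniqueXid()` (assuming it mixes in `dataSourceConfigMixin`, which is outside the hunk). As in the component, the dispatch has no `.catch`, so a rejected `getUniqueDataSourceXid` is silently unhandled; `.catch(e => console.error('Failed to generate XID', e))` would at least surface it. The `JSON.parse(JSON.stringify(...))` reassignment is a heavy way to make `tempXid` reactive and drops `undefined` fields and functions from the object; `this.$set(this.datasource, 'tempXid', resp)` does the same job in place. `generateUniqueXid()` is fully inside the hunk; `dataSourceConfigMixin` continues outside it.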
Expand Up @@ -5,7 +5,7 @@
:creator="createMode"
:datapoint="datapoint"
@cancel="cancel()"
@accept="save()"
@accept="save"
>
<template v-slot:selector>
<v-select
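Review bot: `@accept="save"` and `@accept="save()"` are not equivalent: the bare method reference receives whatever payload the child emits with `accept` as its first argument, while `save()` invoked it with none, so if `save` has an optional parameter this hunk silently changes its input (and the direction of the change is not recoverable from the rendered page, so confirm which side is new). If the handler takes no arguments, a short comment next to the binding, `<!-- accept payload is ignored; save() reads this.datapoint -->`, would document that the payload is intentionally unused. The template and the `save` method are both outside the hunk.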
38 changes: 19 additions & 19 deletions scadalts-ui/src/components/datasources/VirtualDataSource/point.vue
Expand Up @@ -38,7 +38,7 @@
label="Start Value"
v-model="datapoint.pointLocator.alternateBooleanChange.startValue"
:items="booleanSelectBox"
:rules = "[ruleNotNull]"
:rules = "ruleNotNull"
></v-select>
</v-col>
</v-row>
Expand All @@ -50,7 +50,7 @@
label="Start Value"
v-model="datapoint.pointLocator.randomBooleanChange.startValue"
:items="booleanSelectBox"
:rules = "[ruleNotNull]"
:rules = "ruleNotNull"
></v-select>
</v-col>
</v-row>
Expand All @@ -60,7 +60,7 @@
label="Start Value"
v-model="datapoint.pointLocator.noChange.startValue"
:items="booleanSelectBox"
:rules = "[ruleNotNull]"
:rules = "ruleNotNull"
required
></v-select>
</v-col>
Expand Down Expand Up @@ -97,7 +97,7 @@
label="Initail Value"
v-model="datapoint.pointLocator.incrementMultistateChange.startValue"
:items="datapoint.pointLocator.incrementMultistateChange.values"
:rules="[ruleNotNull]"
:rules="ruleNotNull"
></v-select>
</v-col>
<v-col
Expand Down Expand Up @@ -145,7 +145,7 @@
label="Initail Value"
v-model="datapoint.pointLocator.randomMultistateChange.startValue"
:items="datapoint.pointLocator.randomMultistateChange.values"
:rules="[ruleNotNull]"
:rules="ruleNotNull"
></v-select>
</v-col>
<v-col
Expand All @@ -171,7 +171,7 @@
label="Start Value"
type="number"
v-model="datapoint.pointLocator.noChange.startValue"
:rules="[ruleNotNull]"
:rules="ruleNotNull"
></v-text-field>
</v-col>
</v-row>
Expand All @@ -194,23 +194,23 @@
type="Number"
label="Maximum"
v-model="datapoint.pointLocator.brownianChange.max"
:rules="[ruleNotNull]"
:rules="ruleNotNull"
></v-text-field>
</v-col>
<v-col>
<v-text-field
type="Number"
label="Maximum Change"
v-model="datapoint.pointLocator.brownianChange.maxChange"
:rules="[ruleNotNull]"
:rules="ruleNotNull"
></v-text-field>
</v-col>
<v-col>
<v-text-field
type="Number"
label="Start value"
v-model="datapoint.pointLocator.brownianChange.startValue"
:rules="[ruleNotNull]"
:rules="ruleNotNull"
></v-text-field>
</v-col>
</v-row>
Expand All @@ -232,15 +232,15 @@
type="Number"
label="Maximum"
v-model="datapoint.pointLocator.incrementAnalogChange.max"
:rules="[ruleNotNull]"
:rules="ruleNotNull"
></v-text-field>
</v-col>
<v-col>
<v-text-field
type="Number"
label="Maximum Change"
v-model="datapoint.pointLocator.incrementAnalogChange.change"
:rules="[ruleNotNull]"
:rules="ruleNotNull"
></v-text-field>
</v-col>
<v-col>
Expand All @@ -254,7 +254,7 @@
type="Number"
label="Start value"
v-model="datapoint.pointLocator.incrementAnalogChange.startValue"
:rules="[ruleNotNull]"
:rules="ruleNotNull"
></v-text-field>
</v-col>
</v-row>
Expand All @@ -265,7 +265,7 @@
type="Number"
label="Start value"
v-model="datapoint.pointLocator.noChange.startValue"
:rules="[ruleNotNull]"
:rules="ruleNotNull"
></v-text-field>
</v-col>
</v-row>
Expand All @@ -292,7 +292,7 @@
type="Number"
label="Start value"
v-model="datapoint.pointLocator.randomAnalogChange.startValue"
:rules="[ruleNotNull]"
:rules="ruleNotNull"
></v-text-field>
<!-- TODO: Add rule for not null -->
</v-col>
Expand All @@ -309,31 +309,31 @@
type="Number"
label="Attraction Point ID"
v-model="datapoint.pointLocator.analogAttractorChange.attractionPointId"
:rules="[ruleNotNull]"
:rules="ruleNotNull"
></v-text-field>
</v-col>
<v-col>
<v-text-field
type="Number"
label="volatility"
v-model="datapoint.pointLocator.analogAttractorChange.volatility"
:rules="[ruleNotNull]"
:rules="ruleNotNull"
></v-text-field>
</v-col>
<v-col>
<v-text-field
type="Number"
label="maxChange"
v-model="datapoint.pointLocator.analogAttractorChange.maxChange"
:rules="[ruleNotNull]"
:rules="ruleNotNull"
></v-text-field>
</v-col>
<v-col>
<v-text-field
type="Number"
label="Start value"
v-model="datapoint.pointLocator.analogAttractorChange.startValue"
:rules="[ruleNotNull]"
:rules="ruleNotNull"
></v-text-field>
</v-col>
</v-row>
Expand All @@ -346,7 +346,7 @@
<v-text-field
label="Initial Value"
v-model="datapoint.pointLocator.noChange.startValue"
:rules="[ruleNotNull]"
:rules="ruleNotNull"
></v-text-field>
</v-col>
</v-row>
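Review bot: Vuetify's `rules` prop expects an array of validator functions, so `:rules="ruleNotNull"` is correct only if `ruleNotNull` is itself defined as an array in the data or mixin this file uses, which is outside the hunk; if it is a single function, `[ruleNotNull]` was the right form and all 19 fields now validate nothing, so the definition should be checked before merging. Whichever it is, a one-line comment at the definition site such as `// array: bind as :rules="ruleNotNull", do not wrap in [...]` would stop the next author flipping it back, since the same edit was evidently made 19 times by hand. Adjacent but unchanged: the `<!-- TODO: Add rule for not null -->` after `randomAnalogChange.startValue` is stale now that the field carries the rule, and `label="Initail Value"` is misspelt on two fields. The template continues outside every hunk shown.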
8 changes: 3 additions & 5 deletions scadalts-ui/src/views/Reports/ReportsForm.vue
Expand Up @@ -321,7 +321,7 @@
<v-text-field
v-model="email"
label="Add email address"
:rules="[emailRules, xssRules]"
:rules="emailRules"
>
<template slot="append-outer">
<v-icon v-if="validEmail" color="green darken-2" @click="addMail" >mdi-plus</v-icon>
Expand Down Expand Up @@ -395,10 +395,8 @@ export default {
],
emailRules: [
v => /\S+@\S+\.\S+/.test(v) || this.$t('reports.emailMustBeValid'),
v => !(/^(.*?((expression\s*\()|url\s*\(\s*['\"]?javascript:|url\s*\(\s*['\"]?data:|<script[^>]*>|<\/script>|<img[^>]+onerror=|@import\s+url\s*\(\s*['\"]?javascript:|<img[^>]*>|<script[^>]*>|<[^>]+>onerror\s*=|onload\s*=|eval\s*\(|alert\s*\(|onerror\s*=|document.location){1}.*?)$/.test(v)) || this.$t('reports.emailMustBeValid')
],
xssRules: [
v => !(/^(.*?((expression\s*\()|url\s*\(\s*['\"]?javascript:|url\s*\(\s*['\"]?data:|<script[^>]*>|<\/script>|<img[^>]+onerror=|@import\s+url\s*\(\s*['\"]?javascript:|<img[^>]*>|<script[^>]*>|<[^>]+>onerror\s*=|onload\s*=|eval\s*\(|alert\s*\(|onerror\s*=|document.location){1}.*?)$/.test(v)) || this.$t('reports.emailMustBeValid')
],
userList: [],
recipientList: [],
Expand Down Expand Up @@ -625,7 +623,7 @@ export default {
if(!v) {
return false;
}
return !(typeof this.emailRules[0](v) === 'string') && !(typeof this.xssRules[0](v) === 'string');
return !(typeof this.emailRules[0](v) === 'string') && !(typeof this.emailRules[1](v) === 'string');
}
}
}
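Review bot: The pattern-denylist rule merged into `emailRules` is a client-side filter that any direct caller of the REST API bypasses entirely, and even in the browser it misses plain variants (`onmouseover=`, `onfocus=`, `confirm(`, `<iframe src=javascript:…>`), so the server-side escaping named in the commit title has to remain the real control; a comment above the rule saying `// UX hint only; the server escapes on output, do not rely on this for XSS` would stop a later reader treating it as the defence. Because `\S+@\S+\.\S+` is unanchored and `\S` accepts `<` and `>`, a stricter positive check such as `v => /^[^\s<>"'()]+@[^\s<>"'()]+\.[^\s<>"'()]+$/.test(v) || this.$t('reports.emailMustBeValid')` would reject tag characters without maintaining a denylist (the current regex also repeats `<script[^>]*>` and `onerror\s*=`, leaves the `.` in `document.location` unescaped, and `{1}` is a no-op). The validity check in the last hunk hard-codes `emailRules[0]` and `emailRules[1]`, which silently breaks the moment a rule is added or reordered; `return this.emailRules.every(r => typeof r(v) !== 'string');` checks all of them with the same true-or-message convention. The `data()` object and the function containing that check both extend beyond the hunks shown.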
