Restricting API request method to GET by default for dev tool feature

Jesús Ángel González 2018-05-11 10:39:37 +02:00
parent 9cbc79d57e
commit b34b397128
2 changed files with 9 additions and 1 deletions


@ -238,7 +238,8 @@ app.controller('devToolsController', function($scope, $rootScope, errorHandler,
}
const path = req.includes('?') ? req.split('?')[0] : req;
const params = req.includes('?') ? parseParams(req.split('?')[1]) : {}
const params = { devTools: true }
if(typeof JSONraw === 'object') JSONraw.devTools = true;
const output = await apiReq.request(method, path, validJSON && !req.includes('?') ? JSONraw : params)
apiOutputBox.setValue(
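Review bot: The `devTools` marker is attached only when `JSONraw` is an object, at `if(typeof JSONraw === 'object') JSONraw.devTools = true;`, so a body that parses to a string or number, or to an array (whose extra property is dropped on serialization), would be sent without the marker and the server-side method check keyed on it would not apply. `typeof null` is also `'object'`, so a `null` body would throw on that assignment; how `JSONraw` is produced is outside the hunk, so confirm which of these values can reach this line. Building the payload explicitly covers both cases and stops mutating the parsed input, with non-object bodies falling back to `params`: `const payload = validJSON && !req.includes('?') && JSONraw !== null && typeof JSONraw === 'object' && !Array.isArray(JSONraw) ? Object.assign({}, JSONraw, { devTools: true }) : params;`. The enclosing function starts and ends outside the hunk.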


@ -321,6 +321,13 @@ export default class WazuhApi {
} else if (!req.payload.path) {
return ErrorResponse('Missing param: path', 3016, 400, reply);
} else {
if(req.payload.method !== 'GET' && req.payload.body && req.payload.body.devTools){
const configuration = getConfiguration();
if(!configuration || (configuration && !configuration['devtools.allowall'])){
return ErrorResponse('Allowed method: [GET]', 3023, 400, reply);
}
}
if(req.payload.body.devTools) delete req.payload.body.devTools;
return this.makeRequest(req.payload.method, req.payload.path, req.payload.body, req.payload.id, reply);
}
}
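Review bot: The GET-only gate runs only when the request body carries `devTools`, a field the client sets, so a request to this route that omits the field reaches `makeRequest` with whatever method it names. If the restriction is meant as a policy rather than a UI convenience, it should be keyed on something the server decides, for example a dedicated dev-tools route or applying the `devtools.allowall` check to every request here; whether other callers rely on non-GET methods through this route is not visible in the hunk. Separately, `if(req.payload.body.devTools)` dereferences `req.payload.body` without the guard used in the condition above and will throw when no body is sent; use `if (req.payload.body && req.payload.body.devTools) delete req.payload.body.devTools;`. The method begins outside the hunk.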