dbgate-api-premium 6.4.3-alpha.1 → 6.5.1
- package/package.json +5 -5
- package/src/controllers/auth.js +11 -0
- package/src/controllers/cloud.js +261 -0
- package/src/controllers/config.js +2 -1
- package/src/controllers/connections.js +20 -0
- package/src/controllers/databaseConnections.js +3 -0
- package/src/controllers/files.js +33 -0
- package/src/controllers/jsldata.js +26 -0
- package/src/controllers/runners.js +12 -0
- package/src/controllers/serverConnections.js +1 -1
- package/src/controllers/sessions.js +7 -2
- package/src/controllers/storage.js +9 -0
- package/src/controllers/uploads.js +4 -0
- package/src/currentVersion.js +2 -2
- package/src/main.js +5 -0
- package/src/proc/connectProcess.js +1 -8
- package/src/proc/sessionProcess.js +2 -2
- package/src/shell/deployDb.js +10 -1
- package/src/shell/executeQuery.js +3 -1
- package/src/utility/authProxy.js +12 -8
- package/src/utility/checkLicense.js +11 -13
- package/src/utility/cloudIntf.js +399 -0
- package/src/utility/crypting.js +6 -6
- package/src/utility/handleQueryStream.js +64 -5
- package/src/utility/hardwareFingerprint.js +1 -0
- package/src/utility/security.js +52 -0
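--- a/package/src/utility/security.js
+++ b/package/src/utility/security.js
@@ -0,0 +1,52 @@
+const path = require('path');
+const { filesdir, archivedir, uploadsdir, appdir } = require('../utility/directories');
+
+function checkSecureFilePathsWithoutDirectory(...filePaths) {
+for (const filePath of filePaths) {
+if (filePath.includes('..') || filePath.includes('/') || filePath.includes('\\')) {
+return false;
+}
+}
+return true;
+}
+
+function checkSecureDirectories(...filePaths) {
+for (const filePath of filePaths) {
+if (!filePath.includes('/') && !filePath.includes('\\')) {
+// If the filePath does not contain any directory separators, it is considered secure
+continue;
+}
+const directory = path.dirname(filePath);
+if (directory != filesdir() && directory != uploadsdir() && directory != archivedir() && directory != appdir()) {
+return false;
+}
+}
+return true;
+}
+
+function findDisallowedFileNames(node, isAllowed, trace = '$', out = []) {
+if (node && typeof node === 'object') {
+if (node?.props?.fileName) {
+const name = node.props.fileName;
+const ok = isAllowed(name);
+if (!ok) out.push({ path: `${trace}.props.fileName`, value: name });
+}
+
+// depth-first scan of every property / array index
+for (const [key, val] of Object.entries(node)) {
+findDisallowedFileNames(val, isAllowed, `${trace}.${key}`, out);
+}
+}
+return out;
+}
+
+function checkSecureDirectoriesInScript(script) {
+const disallowed = findDisallowedFileNames(script, checkSecureDirectories);
+return disallowed.length == 0;
+}
+
+module.exports = {
+checkSecureDirectories,
+checkSecureFilePathsWithoutDirectory,
+checkSecureDirectoriesInScript,
+};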
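Review bot: `checkSecureDirectories` compares `path.dirname(filePath)` with the allowed directories as raw strings, so a value whose last segment is `..` keeps an allowed dirname while resolving outside it, and a non-string `props.fileName` passed in by `findDisallowedFileNames` (an array, for instance) is tested with `Array.prototype.includes` rather than as a path. I would reject non-strings up front with `if (typeof filePath !== 'string') return false;` and compare the normalized form, `const directory = path.dirname(path.resolve(filePath));`, assuming `filesdir()` and the other helpers return absolute, normalized paths (they are defined outside this file). The separator-free branch also accepts a bare `..`, which `checkSecureFilePathsWithoutDirectory` in the same file rejects; the two checks should agree. Neither check resolves symlinks inside the allowed directories, which is worth stating in a comment on the function.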