matty/peertube-plugin-livechat
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Security Fix: mitigate ReDOS attacks on the chat bot.

Browse Source
This commit is contained in:
John Livingston
2025-06-06 16:37:06 +02:00
parent 98dc729447
commit 0be11fb2ae
9 changed files with 2068 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
server/lib/routers/api/configuration.ts
View File

@ -110,10 +110,17 @@ async function initConfigurationApiRouter (options: RegisterServerOptions, route
// req.body.bot.forbidSpecialChars.enabled = false
// ... NoDuplicate...
// }
channelOptions = await sanitizeChannelConfigurationOptions(options, channelInfos.id, req.body)
} catch (err) {
logger.warn(err)
res.sendStatus(400)
channelOptions = await sanitizeChannelConfigurationOptions(options, channelInfos.id, req.body, 'validation')
} catch (err: any) {
logger.warn(err.message as string)
if (err.validationErrorMessage && (typeof err.validationErrorMessage === 'string')) {
res.status(400)
res.json({
validationErrorMessage: err.validationErrorMessage
})
} else {
res.sendStatus(400)
}
return
}