From 924cc44a20ef55662eda9fc25eef06841f2320bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kasper=20Rynning-T=C3=B8nnesen?= Date: Sun, 4 Mar 2018 22:57:27 +0100 Subject: [PATCH] More typechecking --- server/handlers/chat.js | 13 ++++++++++--- server/handlers/frontpage.js | 1 + server/handlers/io.js | 15 ++++++++++++--- server/handlers/list.js | 15 ++++++--------- server/handlers/list_change.js | 8 ++++---- server/handlers/list_settings.js | 5 +++++ server/handlers/search.js | 3 ++- server/handlers/suggestions.js | 4 ++-- 8 files changed, 42 insertions(+), 22 deletions(-) diff --git a/server/handlers/chat.js b/server/handlers/chat.js index 39cd60ce..a80450d4 100644 --- a/server/handlers/chat.js +++ b/server/handlers/chat.js @@ -25,7 +25,10 @@ function get_history(channel, all, socket) { function chat(msg, guid, offline, socket) { - if(typeof(msg) !== 'object' && !msg.hasOwnProperty('data') && !msg.hasOwnProperty('channel') && !msg.hasOwnProperty('pass')) { + if(typeof(msg) !== 'object' || !msg.hasOwnProperty('data') || + !msg.hasOwnProperty('channel') || !msg.hasOwnProperty('pass') || + typeof(msg.data) != "string" || typeof(msg.channel) != "string" || + typeof(msg.pass) != "string") { socket.emit('update_required'); return; } @@ -58,7 +61,9 @@ function chat(msg, guid, offline, socket) { } function all_chat(msg, guid, offline, socket) { - if(typeof(msg) !== 'object' || !msg.hasOwnProperty("channel") || !msg.hasOwnProperty("data")) { + if(typeof(msg) !== 'object' || !msg.hasOwnProperty("channel") || + !msg.hasOwnProperty("data") || typeof(msg.data) != "string" || + typeof(msg.channel) != "string") { socket.emit('update_required'); return; } 
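Review bot: `typeof(msg) !== 'object'` in the new `chat` guard is false for `null`, so a `null` payload falls through to `msg.hasOwnProperty('data')` and throws instead of emitting `update_required`; start the condition with `msg === null ||`. Calling `hasOwnProperty` on the client-supplied object is also fragile, because a payload that carries its own `hasOwnProperty` key shadows the method; `Object.prototype.hasOwnProperty.call(msg, 'data')` avoids that. The same applies to `all_chat` below. The `offline` and `get_history` guards added in io.js are weaker still, as they call `msg.hasOwnProperty` with no `typeof` or null test at all. Whether an exception thrown here is caught further up is not visible in the hunk.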
@@ -86,7 +91,9 @@ function all_chat(msg, guid, offline, socket) { } function namechange(data, guid, socket, tried) { - if(!data.hasOwnProperty("name") || data.name.length > 10 || !data.hasOwnProperty("channel")) return; + if(!data.hasOwnProperty("name") || data.name.length > 10 || + !data.hasOwnProperty("channel") || typeof(msg.name) != "string" || + typeof(msg.channel) != "string") return; var pw = ""; var new_password; var first = false; diff --git a/server/handlers/frontpage.js b/server/handlers/frontpage.js index 8c7e655c..cfaec560 100644 --- a/server/handlers/frontpage.js +++ b/server/handlers/frontpage.js @@ -1,6 +1,7 @@ function frontpage_lists(msg, socket) { if(msg == undefined || !msg.hasOwnProperty('version') || msg.version != VERSION || msg.version == undefined) { socket.emit("update_required"); + return; } db.collection("frontpage_lists").find({frontpage:true}, function(err, docs){ diff --git a/server/handlers/io.js b/server/handlers/io.js index 4aa70710..b52d26d1 100644 --- a/server/handlers/io.js +++ b/server/handlers/io.js @@ -46,7 +46,9 @@ module.exports = function() { socket.on('chromecast', function(msg) { try { - if(typeof(msg) == "object" && msg.hasOwnProperty("guid") && msg.hasOwnProperty("socket_id") && msg.hasOwnProperty("channel")) { + if(typeof(msg) == "object" && msg.hasOwnProperty("guid") && + msg.hasOwnProperty("socket_id") && msg.hasOwnProperty("channel") && typeof(msg.guid) == "string" && + typeof(msg.channel) == "string" && typeof(msg.socket_id) == "string") { db.collection("connected_users").find({"_id": msg.channel}, function(err, connected_users_channel) { if(connected_users_channel.length > 0 && connected_users_channel[0].users.indexOf(msg.guid) > -1) { guid = msg.guid; 
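Review bot: The two `typeof` checks added to `namechange` read `msg.name` and `msg.channel`, but the function's parameter is `data`; unless a `msg` exists in an outer scope (not visible here), they throw a ReferenceError for every request that passes the earlier clauses, i.e. for every otherwise valid name change. They should read `typeof(data.name) != "string" || typeof(data.channel) != "string"` and sit before `data.name.length > 10`, so the length test only ever runs on a string. `data` itself is dereferenced without an object/null check. The function body continues outside the hunk.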
@@ -113,7 +115,8 @@ module.exports = function() { }); socket.on("offline", function(msg){ - if(!msg.hasOwnProperty('status') && !msg.hasOwnProperty('channel')) { + if(!msg.hasOwnProperty('status') || !msg.hasOwnProperty('channel') || + typeof(msg.status) != "boolean" || typeof(msg.channel) != "string") { socket.emit("update_required"); return; } @@ -159,6 +162,11 @@ module.exports = function() { }); socket.on('get_history', function(msg) { + if(!msg.hasOwnProperty("channel") || !msg.hasOwnProperty("all") || + typeof(msg.channel) != "string" || typeof(msg.all) != "boolean") { + socket.emit("update_required"); + return; + } Chat.get_history(msg.channel, msg.all, socket); }); @@ -352,7 +360,8 @@ module.exports = function() { socket.on('pos', function(obj) { - + if(!obj.hasOwnProperty("channel") || typeof(obj.channel) != "string" || + (obj.hasOwnProperty("pass") && typeof(obj.pass) != "string")) if(coll !== undefined) { try { coll = obj.channel; diff --git a/server/handlers/list.js b/server/handlers/list.js index 9b0e22e5..f3f5432a 100644 --- a/server/handlers/list.js +++ b/server/handlers/list.js @@ -22,8 +22,10 @@ function list(msg, guid, coll, offline, socket) { if(typeof(msg) === 'object' && msg !== undefined && msg !== null && msg.hasOwnProperty("channel") && msg.hasOwnProperty('pass')) { - if(!msg.hasOwnProperty('version') || msg.version != VERSION || msg.version == undefined) { + if(!msg.hasOwnProperty('version') || msg.version != VERSION || msg.version == undefined || + typeof(msg.channel) != "string" || typeof(msg.pass) != "string") { socket.emit("update_required"); + return; } if(coll == "" || coll == undefined || coll == null) { 
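Review bot: The `if(...)` added at the top of the `pos` handler has no block of its own, so the following `if(coll !== undefined) { ... }` becomes its body: the existing logic now runs only when the payload fails validation and is skipped for well-formed requests. In the failing case `coll = obj.channel` is still assigned from the unvalidated value. Give the guard a rejecting block as the other handlers in this commit do, `{ socket.emit("update_required"); return; }`. `obj` is also dereferenced without a null check, and the handler continues outside the hunk.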
@@ -92,7 +94,7 @@ function skip(list, guid, coll, offline, socket) { } if(typeof(list.pass) != "string" || typeof(list.id) != "string" || typeof(list.channel) != "string" || typeof(list.userpass) != "string") { - socket.emit("toast", "update_required"); + socket.emit("update_required"); return; } db.collection(coll + "_settings").find(function(err, docs){ @@ -433,17 +435,12 @@ function end(obj, coll, guid, offline, socket) { if(id !== undefined && id !== null && id !== "") { - if(coll == "" || coll == undefined || coll == null) { + if(coll == "" || coll == undefined || coll == null || typeof(obj.id) != "string" || typeof(obj.channel) != "string" || + typeof(obj.pass) != "string") { socket.emit("update_required"); return; } - if(typeof(obj.id) != "string" || typeof(obj.channel) != "string" || - typeof(obj.pass) != "string") { - socket.emit("toast", "update_required"); - return; - } - db.collection(coll + "_settings").find(function(err, docs){ if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (obj.hasOwnProperty('pass') && docs[0].userpass == Functions.decrypt_string(socketid, obj.pass)))) { diff --git a/server/handlers/list_change.js b/server/handlers/list_change.js index 95282414..3cddf64b 100644 --- a/server/handlers/list_change.js +++ b/server/handlers/list_change.js @@ -34,7 +34,7 @@ function add_function(arr, coll, guid, offline, socket) { typeof(arr.playlist) != "boolean" || typeof(arr.num) != "number" || typeof(arr.total) != "number" || typeof(arr.pass) != "string" || typeof(arr.adminpass) != "string") { - socket.emit("toast", "update_required"); + socket.emit("update_required"); return; } @@ -192,7 +192,7 @@ function voteUndecided(msg, coll, guid, offline, socket) { if(typeof(msg.channel) != "string" || typeof(msg.id) != "string" || typeof(msg.type) != "string" || typeof(msg.adminpass) != "string" || typeof(msg.pass) != "string") { - socket.emit("toast", "update_required"); + socket.emit("update_required"); return; } 
@@ -233,7 +233,7 @@ function shuffle(msg, coll, guid, offline, socket) { if(typeof(msg.adminpass) != "string" || typeof(msg.channel) != "string" || typeof(msg.pass) != "string") { - socket.emit("toast", "update_required"); + socket.emit("update_required"); return; } @@ -334,7 +334,7 @@ function delete_all(msg, coll, guid, offline, socket) { if(typeof(msg.channel) != "string" || typeof(msg.adminpass) != "string" || typeof(msg.pass) != "string") { - socket.emit("toast", "update_required"); + socket.emit("update_required"); return; } db.collection(coll + "_settings").find(function(err, conf) { diff --git a/server/handlers/list_settings.js b/server/handlers/list_settings.js index 3b8a0d3c..5c2a9153 100644 --- a/server/handlers/list_settings.js +++ b/server/handlers/list_settings.js @@ -1,6 +1,11 @@ function password(inp, coll, guid, offline, socket) { if(inp !== undefined && inp !== null && inp !== "") { + if(!inp.hasOwnProperty("password") || !inp.hasOwnProperty("channel") || + typeof(inp.password) != "string" || typeof(inp.channel) != "string") { + socket.emit("update_required"); + return; + } pw = inp.password; opw = inp.password; try { diff --git a/server/handlers/search.js b/server/handlers/search.js index de04e783..dc30feb5 100644 --- a/server/handlers/search.js +++ b/server/handlers/search.js @@ -67,7 +67,8 @@ function get_correct_info(song_generated, channel, broadcast, callback) { } function check_error_video(msg, channel) { - if(!msg.hasOwnProperty("id") || !msg.hasOwnProperty("title")) { + if(!msg.hasOwnProperty("id") || !msg.hasOwnProperty("title") || + typeof(msg.id) != "string" || typeof(msg.title) != "string") { socket.emit("update_required"); return; } diff --git a/server/handlers/suggestions.js b/server/handlers/suggestions.js index fac9e349..be54cc2d 100644 --- a/server/handlers/suggestions.js +++ b/server/handlers/suggestions.js 
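Review bot: In `password`, the value that passes the new type check is stored with `pw = inp.password; opw = inp.password;`, and no `var`/`let` declaration for either name is visible in this hunk, which starts at the top of the file. If they are not declared later in the function, they are implicit globals shared by every socket, so concurrent password changes could overwrite each other's value across an asynchronous step. Declaring them locally, e.g. `var pw = inp.password;`, keeps the validated value scoped to the request. The function continues outside the hunk, so a hoisted declaration further down cannot be ruled out.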
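Review bot: `check_error_video(msg, channel)` takes no `socket` parameter, yet the rejection branch that this hunk widens calls `socket.emit("update_required")`. Unless `socket` is defined in an enclosing scope (not visible here), every payload that fails the new `typeof` checks raises a ReferenceError instead of being rejected cleanly. Either pass the socket in from the caller or drop the emit and keep only `return;`. `msg` is also used without a null/object check, and the function continues outside the hunk.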
@@ -2,7 +2,7 @@ function thumbnail(msg, coll, guid, offline, socket) { if(msg.thumbnail && msg.channel && msg.adminpass && msg.thumbnail.indexOf("i.imgur.com") > -1){ if(typeof(msg.channel) != "string" || typeof(msg.thumbnail) != "string" || typeof(msg.adminpass) != "string" || typeof(msg.pass) != "string") { - socket.emit("toast", "update_required"); + socket.emit("update_required"); return; } msg.thumbnail = msg.thumbnail.replace(/^https?\:\/\//i, ""); @@ -30,7 +30,7 @@ function description(msg, coll, guid, offline, socket) { if(msg.description && msg.channel && msg.adminpass && msg.description.length < 100){ if(typeof(msg.channel) != "string" || typeof(msg.description) != "string" || typeof(msg.adminpass) != "string" || typeof(msg.pass) != "string") { - socket.emit("toast", "update_required"); + socket.emit("update_required"); return; } var channel = msg.channel.toLowerCase();
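Review bot: In `thumbnail` the outer condition calls `msg.thumbnail.indexOf("i.imgur.com")` before the `typeof` guard this hunk touches, so a truthy non-string `thumbnail` (or a null `msg`) is dereferenced before it is type-checked and can throw rather than reach `update_required`. `description` has the same check-after-use ordering with `msg.description.length < 100`. Moving the `typeof` tests into the outer condition, ahead of the method calls, fixes both. Separately, the substring test is a loose host restriction, since it is satisfied by `i.imgur.com` appearing anywhere in the value; parsing the value with `new URL()` before the scheme is stripped and comparing `hostname === "i.imgur.com"` would be stricter. Both function bodies continue outside the hunks.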