Sanitising URL instance parameters #44

jkyberneees · 2020-12-08T14:03:13Z

Changes:

Notes on the impact:

This security issue does NOT impact implementations that rely on fast-gateway, restana or express with prefixed routes such as (app.all('/service', (...))), however it would affect low level implementations such as:

// ...
const service = new http.Server()
service.on('request', (req, res) => {
  proxy(req, res, req.url, {})
})

run npm run test and npm run benchmark
tests and/or benchmarks are included
documentation is changed or added
commit message and code follows the Developer's Certification of Origin
and the Code of conduct

jkyberneees · 2020-12-08T14:05:39Z

Hi @KaixinChen0512, may I kindly ask for your review/comments here as well?
Many thanks in advance.

KaixinChen0512 · 2020-12-08T14:32:14Z

Hi @KaixinChen0512, may I kindly ask for your review/comments here as well?
Many thanks in advance.

sure, my pleasure.

sanitising URL instances parameters

2da00f6

jkyberneees requested a review from mcollina December 8, 2020 14:03

jkyberneees changed the title ~~Sanitising URL instances parameters~~ Sanitising URL instance parameters Dec 8, 2020

KaixinChen0512 approved these changes Dec 8, 2020

View reviewed changes

Merge branch 'master' into fixing-sec-issue-buildurl

c2b8467

jkyberneees merged commit f90f26d into master Dec 9, 2020

jkyberneees deleted the fixing-sec-issue-buildurl branch December 9, 2020 20:51

Provide feedback