Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GET request to /sharing (with no parameters) crashes the server #1764

Closed
ylebre opened this issue Mar 5, 2024 · 5 comments · Fixed by #1765
Closed

GET request to /sharing (with no parameters) crashes the server #1764

ylebre opened this issue Mar 5, 2024 · 5 comments · Fixed by #1765

Comments

@ylebre
Copy link

ylebre commented Mar 5, 2024

Tested on 5.7.8 and On 5.7.9-beta running in a docker container.

Fetching the URL https://localhost:8443/sharing (with no parameters) causes the server to crash with the following output on the console:

solid  | TypeError: Invalid URL
solid  |     at new URL (node:internal/url:775:36)
solid  |     at SharingRequest.getAppUrl (/usr/src/app/lib/requests/sharing-request.js:156:12)
solid  |     at get (/usr/src/app/lib/requests/sharing-request.js:70:28)
solid  |     at Layer.handle [as handle_request] (/usr/src/app/node_modules/express/lib/router/layer.js:95:5)
solid  |     at next (/usr/src/app/node_modules/express/lib/router/route.js:144:13)
solid  |     at Route.dispatch (/usr/src/app/node_modules/express/lib/router/route.js:114:3)
solid  |     at Layer.handle [as handle_request] (/usr/src/app/node_modules/express/lib/router/layer.js:95:5)
solid  |     at /usr/src/app/node_modules/express/lib/router/index.js:284:15
solid  |     at Function.process_params (/usr/src/app/node_modules/express/lib/router/index.js:346:12)
solid  |     at next (/usr/src/app/node_modules/express/lib/router/index.js:280:10) {
solid  |   code: 'ERR_INVALID_URL',
solid  |   input: 'undefined'
solid  | }

It looks like the sharing-request handler is missing input validation to make sure all the expected parameters are present.
@bourgeoa
Copy link
Member

bourgeoa commented Mar 8, 2024

Thanks. Yes you are right

@bourgeoa bourgeoa linked a pull request Mar 8, 2024 that will close this issue
check for redirect_uri #1765
Merged
@bourgeoa
Copy link
Member

bourgeoa commented Mar 8, 2024

@ylebre
Could you check the PR #1765
I tested locally with /sharing, sharing? and /sharing?test=anything.

@ylebre
Copy link
Author

ylebre commented Mar 12, 2024

That fixes it for the GET request.

It seems the same issue is also in POST requests, sending it with empty GET variables also stops the server.

@bourgeoa
Copy link
Member

It seems the same issue is also in POST requests, sending it with empty GET variables also stops the server.

What do you mean by empty GET variables

@ylebre
Copy link
Author

ylebre commented Mar 13, 2024

A POST request to the server with an empty body also seems to trigger the same issue. I was confused about where the post request was getting the variables from, sorry about that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

check for redirect_uri nodeSolidServer/node-solid-server
2 participants
@bourgeoa @ylebre