From b9e2c49cc951c7c3e8625bcdaa69a18be8ced45d Mon Sep 17 00:00:00 2001
From: Rob Cowsill <42620235+rcowsill@users.noreply.github.com>
Date: Tue, 26 Jan 2021 13:28:27 +0000
Subject: [PATCH 1/2] Fix jshint warnings

---
 app/routes/research.js | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/app/routes/research.js b/app/routes/research.js
index 0645487..3e04cfe 100644
--- a/app/routes/research.js
+++ b/app/routes/research.js
@@ -1,5 +1,5 @@
 const ResearchDAO = require("../data/research-dao").ResearchDAO;
-const needle = require('needle');
+const needle = require("needle");
 const {
     environmentalScripts
 } = require("../../config/config");
@@ -14,12 +14,13 @@ function ResearchHandler(db) {
         if (req.query.symbol) {
             const url = req.query.url + req.query.symbol;
             return needle.get(url, (error, newResponse) => {
-                if (!error && newResponse.statusCode == 200)
+                if (!error && newResponse.statusCode === 200) {
                     res.writeHead(200, {
-                        'Content-Type': 'text/html'
+                        "Content-Type": "text/html"
                     });
-                res.write('<h1>The following is the stock information you requested.</h1>\n\n');
-                res.write('\n\n');
+                }
+                res.write("<h1>The following is the stock information you requested.</h1>\n\n");
+                res.write("\n\n");
                 res.write(newResponse.body);
                 return res.end();
             });

From 4a4d1db74c63fb4ff8d366551c3af006c25ead12 Mon Sep 17 00:00:00 2001
From: Rob Cowsill <42620235+rcowsill@users.noreply.github.com>
Date: Tue, 26 Jan 2021 13:37:11 +0000
Subject: [PATCH 2/2] Fix TypeError when server-side request fails

In addition to the intended SSRF vulnerability, it was possible to
crash the server with maliciously chosen query parameters.

Closes #225
---
 app/routes/research.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/app/routes/research.js b/app/routes/research.js
index 3e04cfe..c3ae59d 100644
--- a/app/routes/research.js
+++ b/app/routes/research.js
@@ -13,7 +13,7 @@ function ResearchHandler(db) {
 
         if (req.query.symbol) {
             const url = req.query.url + req.query.symbol;
-            return needle.get(url, (error, newResponse) => {
+            return needle.get(url, (error, newResponse, body) => {
                 if (!error && newResponse.statusCode === 200) {
                     res.writeHead(200, {
                         "Content-Type": "text/html"
@@ -21,7 +21,9 @@ function ResearchHandler(db) {
                 }
                 res.write("<h1>The following is the stock information you requested.</h1>\n\n");
                 res.write("\n\n");
-                res.write(newResponse.body);
+                if (body) {
+                    res.write(body);
+                }
                 return res.end();
             });
         }