author | Rotundo, Al (ar3165) <ar3165@att.com> | 2019-11-22 15:07:18 +0000 |
---|---|---|
committer | Rotundo, Al (ar3165) <ar3165@att.com> | 2019-11-22 15:07:18 +0000 |
commit | 6d9e9c449782cbf560a0dd591509c596326b8bf0 (patch) | |
tree | de91df55c586e26db0ac16a1acdc995c53629485 /admportal/server/router/routes/dbRoutes.js | |
parent | 34f2213be95352e1643bbeaadfe5723fbddf1c35 (diff) |
fixing security issues found in onap admportal
changed exec command to spawn command to prevent arbitrary code execution
Issue-ID: SDNC-978
Signed-off-by: Rotundo, Al (ar3165) <ar3165@att.com>
Change-Id: I4487b5c7a14d7a7b1e4985b89e646cf6801845e0
Former-commit-id: 484d74555c481f055a7f33909071962cace85aa0
Diffstat (limited to 'admportal/server/router/routes/dbRoutes.js')
-rw-r--r-- | admportal/server/router/routes/dbRoutes.js | 581 |
1 files changed, 379 insertions, 202 deletions
diff --git a/admportal/server/router/routes/dbRoutes.js b/admportal/server/router/routes/dbRoutes.js index c4a09fdc..af3859b5 100644 --- a/admportal/server/router/routes/dbRoutes.js +++ b/admportal/server/router/routes/dbRoutes.js 
@@ -262,48 +262,45 @@ console.log('checkDB'); exports.saveUser = function(req,res){ -console.log('b4 sani'); + var tkn = req.csrfToken(); var email = req.sanitize(req.body.nf_email); var pswd = req.sanitize(req.body.nf_password); -console.log('after sani'); pool.getConnection(function(err,connection) { if(err){ console.error( String(err) ); // ALARM - res.render("pages/signup", {result:{code:'error', msg:"Unable to get database connection. " + String(err)},header:process.env.MAIN_MENU}); + res.render("pages/signup", {csrfToken:tkn,result:{code:'error', msg:"Unable to get database connection. " + String(err)},header:process.env.MAIN_MENU}); return; } - var sql = "SELECT email FROM PORTAL_USERS WHERE email='" + email + "'"; + var sql = "SELECT email FROM PORTAL_USERS WHERE email=" + connection.escape(email); connection.query(sql, function(err,result) { if(err){ connection.release(); - res.render("pages/signup", {result:{code:'error', msg:"Unable to get database connection. " + String(err)},header:process.env.MAIN_MENU}); + res.render("pages/signup", {csrfToken:tkn, result:{code:'error', msg:"Unable to get database connection. 
" + String(err)},header:process.env.MAIN_MENU}); return; } if (result.length == 1 || result.length > 1) { connection.release(); - res.render("pages/signup", {result:{code:'error', msg:'User Information already exists.'},header:process.env.MAIN_MENU}); + res.render("pages/signup", {csrfToken:tkn, result:{code:'error', msg:'User Information already exists.'},header:process.env.MAIN_MENU}); return; } - sql = "INSERT INTO PORTAL_USERS (email,password,privilege) VALUES (" - +"'"+ email + "'," - + "AES_ENCRYPT('" + pswd + "','" + enckey + "')," - +"'A')"; + + connection.escape(email) + "," + + "AES_ENCRYPT(" + connection.escape(pswd) + ",'" + enckey + "'),'A')"; connection.query(sql, function(err,result) { connection.release(); if(err){ - res.render("pages/signup", {result:{ code:'error', msg:String(err) },header:process.env.MAIN_MENU});; + res.render("pages/signup", {csrfToken:tkn, result:{ code:'error', msg:String(err) },header:process.env.MAIN_MENU});; return; } - res.render('pages/signup', {result:{code:'success', msg:'User created. Please login.'},header:process.env.MAIN_MENU}); + res.render('pages/signup', {csrfToken:tkn, result:{code:'success', msg:'User created. Please login.'},header:process.env.MAIN_MENU}); return; }); }); 
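Review bot: The INSERT in saveUser looks incomplete on the new side: as rendered, `sql = "INSERT INTO PORTAL_USERS (email,password,privilege) VALUES ("` appears only among the removed lines and the hunk counts (48 old, 45 new) are consistent with it not being re-added; if that is not a rendering artifact, the added `+ connection.escape(email) + "," + "AES_ENCRYPT(" + connection.escape(pswd) + ",'" + enckey + "'),'A')";` is a no-op unary-plus expression and the following `connection.query(sql, ...)` re-runs the SELECT, so no user row is ever inserted. Please confirm that a line `sql = "INSERT INTO PORTAL_USERS (email,password,privilege) VALUES ("` still precedes the two escaped fragments. Separately, `enckey` is still spliced into the statement as a raw quoted literal; binding it with a placeholder, `connection.query("... AES_ENCRYPT(?, ?) ...", [pswd, enckey], cb)`, would remove the remaining hand-built quoting and make the escaping uniform. The error branches also echo `String(err)` from the driver into the signup page, which can expose connection and schema details to an unauthenticated visitor; keep the `console.error` and render a generic message instead.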
@@ -317,46 +314,48 @@ exports.deleteUser = function(req,res){ var resultObj = { code:'', msg:'' }; var privilegeObj = req.session.loggedInAdmin; - pool.getConnection(function(err,connection) { - if(err){ + pool.getConnection(function(err,connection) { + + if(err){ console.error( String(err) ); // ALARM - res.render("user/list", {rows: null, result:{code:'error', msg:"Unable to get database connection. Error:" + String(err), - privilege:privilegeObj },header:process.env.MAIN_MENU}); + res.render("user/list", {rows: null, result:{code:'error', msg:"Unable to get database connection. Error:" + String(err), + privilege:privilegeObj },header:process.env.MAIN_MENU}); return; - } - - var sqlUpdate = "DELETE FROM PORTAL_USERS WHERE email='" + req.query.email + "'"; + } + var sqlUpdate = "DELETE FROM PORTAL_USERS WHERE email=" + connection.escape(req.query.email); console.log(sqlUpdate); - connection.query(sqlUpdate,function(err,result){ + connection.query(sqlUpdate,function(err,result){ - if(err){ - resultObj = {code:'error', msg:'Delete of user failed Error: '+ String(err) }; - } + if(err){ + resultObj = {code:'error', msg:'Delete of user failed Error: '+ String(err) }; + } - // Need DB lookup logic here - connection.query("SELECT email,password,privilege FROM PORTAL_USERS", function(err, rows) { - connection.release(); - if(!err) { - if ( rows.length > 0 ) - { + // Need DB lookup logic here + connection.query("SELECT email,password,privilege FROM PORTAL_USERS", function(err, rows) { + connection.release(); + if(!err) + { + if ( rows.length > 0 ) + { resultObj = {code:'success',msg:'Successfully deleted user.'}; - res.render('user/list', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU } ); + res.render('user/list', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU } ); return; - }else{ - res.render("user/list", { rows: null, result:{code:'error', msg:'Unexpected no rows returned from database, please 
try again.', - privilege:privilegeObj },header:process.env.MAIN_MENU}); + }else{ + res.render("user/list", { rows: null, result:{code:'error', msg:'Unexpected no rows returned from database, please try again.', + privilege:privilegeObj },header:process.env.MAIN_MENU}); return; - } - } else { - res.render("user/list", { rows: null, result:{code:'error', msg:'Unexpected no rows returned from database. Error: ' + String(err), - privilege:privilegeObj },header:process.env.MAIN_MENU}); + } + } + else { + res.render("user/list", { rows: null, result:{code:'error', msg:'Unexpected no rows returned from database. Error: ' + String(err), + privilege:privilegeObj },header:process.env.MAIN_MENU}); return; - } - }); //end query - }); - }); // end of getConnection + } + }); //end query + }); + }); // end of getConnection } // add User @@ -390,9 +389,9 @@ exports.addUser = function(req,res){ //connection.query(sqlRequest, function(err,result) var sqlUpdate = "INSERT INTO PORTAL_USERS (email, password, privilege) VALUES (" - +"'"+ email + "'," - + "AES_ENCRYPT('" + pswd + "','" + enckey + "')," - +"'"+ char_priv + "')"; + + connection.escape(email) + "," + + "AES_ENCRYPT(" + connection.escape(pswd) + ",'" + enckey + "')," + + "'" + char_priv + "')"; connection.query(sqlUpdate,function(err,result) @@ -456,11 +455,12 @@ exports.updateUser= function(req,res){ } var sqlUpdate = "UPDATE PORTAL_USERS SET " - + "email = '" + email + "'," - + "password = " + "AES_ENCRYPT('" + pswd + "','" + enckey + "'), " - + "privilege = '"+ char_priv + "'" - + " WHERE email = '" + key_email + "'"; + + "email = " + connection.escape(email) + "," + + "password = " + "AES_ENCRYPT(" + connection.escape(pswd) + ",'" + enckey + "'), " + + "privilege = '" + char_priv + "'" + + " WHERE email = " + connection.escape(key_email); + console.log(sqlUpdate); connection.query(sqlUpdate,function(err,result) { if(err){ 
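Review bot: The `console.log(sqlUpdate);` added in updateUser (the `@@ -456` hunk) writes the whole statement to the log, and that statement carries the user's plaintext password inside `AES_ENCRYPT(<escaped pswd>, ...)`; drop the line or log only the key, e.g. `console.log('updateUser: ' + key_email);`. In the same hunk and in addUser (`@@ -390`), `char_priv` is still concatenated as `"'" + char_priv + "'"` without `connection.escape`; where it comes from is outside the hunk, so if it derives from request input it remains injectable, and `connection.escape(char_priv)` is the consistent fix either way. In deleteUser (`@@ -317`), `resultObj` is set to the delete error but then overwritten with `{code:'success', ...}` as soon as the follow-up SELECT returns rows, so a failed delete is reported as success; guard that assignment with `if (resultObj.code !== 'error')`. `enckey` is likewise spliced in as a raw literal in both the INSERT and the UPDATE, so a bound parameter would be cleaner there too.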
@@ -596,57 +596,57 @@ exports.listSLA = function(req,res,resultObj){ exports.executeSQL = function(sql,req,res,callback){ - console.log(sql); - - pool.getConnection(function(err,connection) { - - if(err){ - console.error( String(err) ); // ALARM - callback(err, 'Unable to get database connection.' + err); - return; - } + console.log(sql); + pool.getConnection(function(err,connection) { - connection.query(sql, function(err,result){ - connection.release(); + if(err){ + console.error( String(err) ); // ALARM + callback(err, 'Unable to get database connection.' + err); + return; + } + connection.query(sql, function(err,result){ + connection.release(); if (err) { callback(err,'Database operation failed. ' + err ); + return; } - else - { -console.log('affectedRows='+result.affectedRows); - callback(null, result.affectedRows); - } - }); //end query - }); // end getConnection + else + { + console.log('affectedRows='+result.affectedRows); + callback(null, result.affectedRows); + return; + } + }); //end query + }); // end getConnection } // gamma - deleteParameter exports.deleteParameter = function(req,res,callback){ - var sql = "DELETE FROM PARAMETERS WHERE name='" + req.query.name + "'"; - - console.log(sql); - - pool.getConnection(function(err,connection) { + pool.getConnection(function(err,connection) { - if(err){ - console.log( String(err) ); // ALARM - callback(err, 'Unable to get database connection.' + err); - return; - } - connection.query(sql, function(err,result){ - connection.release(); - if(err){ - console.log('Update failed. ' + err ); - callback(err,'Update failed. ' + err ); - } - else - { - callback(null,''); - } - }); //end query - }); // end getConnection + if(err){ + console.log( String(err) ); // ALARM + callback(err, 'Unable to get database connection.' 
+ err); + return; + } + var sql = "DELETE FROM PARAMETERS WHERE name=" + connection.escape(req.query.name); + + console.log(sql); + connection.query(sql, function(err,result){ + connection.release(); + if(err){ + callback(err,'Update failed. ' + err ); + return; + } + else + { + callback(null,''); + return; + } + }); //end query + }); // end getConnection } 
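Review bot: executeSQL runs whatever statement its callers hand it, so the escaping this commit introduces elsewhere only protects the routes whose callers already applied `connection.escape`; the contract should be stated above the function, e.g. `// sql must be a complete, already-escaped statement: this helper performs no escaping or parameter binding.` A trailing optional parameter, `exports.executeSQL = function(sql,req,res,callback,values)` with `connection.query(sql, values || [], ...)`, would let callers move to `?` placeholders without changing existing call sites. The `console.log(sql)` calls in executeSQL and deleteParameter log the full statement, which is harmless for PARAMETERS names but worth remembering if executeSQL is reused for statements that carry credentials. The getConnection failure path in deleteParameter uses `console.log` where executeSQL uses `console.error` with the `// ALARM` marker; align them so whatever greps for the marker sees both.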
@@ -924,41 +924,41 @@ exports.getVnfData = function(req,res,resultObj,privilegeObj) exports.findAdminUser = function(email,res,callback) { - var adminUser={}; - pool.getConnection(function(err,connection) { - if(err){ - console.error( String(err) ); // ALARM - res.render("pages/login", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU}); + pool.getConnection(function(err,connection) + { + if(err) + { + res.render("pages/err", {result:{code:'error', msg:err},header:process.env.MAIN_MENU}); return; - } + } // Need DB lookup logic here - connection.query("SELECT email, AES_DECRYPT(password, '" + enckey + "') password, privilege FROM PORTAL_USERS WHERE email='" + email + "'", function(err, rows) { + connection.query("SELECT email, AES_DECRYPT(password, '" + enckey + "') password, privilege FROM PORTAL_USERS WHERE email=" + connection.escape(email), function(err, rows) { connection.release(); - if(!err) { - if ( rows.length > 0 ) - { - rows.forEach(function(row){ - adminUser = { - "email" : row.email, - "password" : row.password, - "privilege" : row.privilege }; - }); - callback(adminUser); - return; - }else{ - console.log("no rows returned"); - res.render("pages/login", {result:{code:'error', msg:'User is not in database.'},header:process.env.MAIN_MENU}); - return; - } - } else { - res.render("pages/err", {result:{code:'error',msg:'Unexpected no rows returned from database. 
'+ String(err)},header:process.env.MAIN_MENU}); + if(err) + { + res.render("pages/err", {result:{code:'error', msg:err},header:process.env.MAIN_MENU}); + return; + } + if ( rows.length > 0 ) + { + rows.forEach(function(row){ + adminUser = { + "email" : row.email, + "password" : row.password, + "privilege" : row.privilege }; + }); + callback(adminUser); + return; + } + else{ + res.render("pages/err", {result:{code:'error', msg:'User is not in database.'},header:process.env.MAIN_MENU}); return; } }); //end query - }); // end getConnection + }); // end getConnection } 
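Review bot: `var adminUser={};` was removed from findAdminUser but the `rows.forEach` body still assigns `adminUser = {...}`, so the assignment now creates an implicit module-wide global (or throws a ReferenceError if the file runs in strict mode, which I cannot see from here), and concurrent logins would share that global; restore `var adminUser = {};` before the query, or since the WHERE clause already selects by email, build it from `rows[0]` and drop the forEach. The new error branches render the raw `err` object (`msg:err`) into pages/err where the removed code used `String(err)` and logged it with the `// ALARM` marker; driver errors shown to the client can expose connection details, so keep the server-side log and render a generic message. The query still splices `enckey` into `AES_DECRYPT(password, '...')` as a raw literal; `connection.query("SELECT email, AES_DECRYPT(password, ?) password, privilege FROM PORTAL_USERS WHERE email=?", [enckey, email], cb)` would remove the last hand-built quoting from this statement.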
@@ -1029,6 +1029,121 @@ exports.addVnfProfile = function(row,res,callback){ }); // end getConnection } +exports.deleteVnfProfile = function(req,res,callback){ + + var privilegeObj = req.session.loggedInAdmin; + var rows={}; + + pool.getConnection(function(err,connection) { + + var sql = 'DELETE FROM VNF_PROFILE WHERE vnf_type = ' + connection.escape(req.sanitize(req.query.vnf_type)); + console.log(sql); + if(err){ + console.error( String(err) ); // ALARM + res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU}); + return; + } + + //var vt = req.sanitize(req.query.vnf_type); + //var vnf_type = { vnf_type: vt }; + //var vnf_type = connection.escape(vt); + //console.log('type='+vnf_type); + //connection.query('DELETE FROM VNF_PROFILE WHERE vnf_type = ?', vnf_type, function(err,result) + connection.query(sql, function(err,result) + { + connection.release(); + if (err) { + callback(err,'Database operation failed. ' + err ); + return; + } + else + { + if (result.affectedRows == 0) + { + callback('No rows deleted.'); + return; + } + console.log('rows deleted: ' + result.affectedRows); + callback(null, result.affectedRows); + return; + } + }); + }); // end of getConnection +}; + +exports.deleteVnfData = function(req,res,callback){ + + var privilegeObj = req.session.loggedInAdmin; + var rows={}; + + pool.getConnection(function(err,connection) { + + var sql = 'DELETE FROM PRE_LOAD_VNF_DATA WHERE id =' + connection.escape(req.sanitize(req.query.id)); + console.log(sql); + if(err){ + console.error( String(err) ); // ALARM + res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU}); + return; + } + + connection.query(sql, function(err,result) + { + connection.release(); + if (err) { + callback(err,'Database operation failed. 
' + err ); + return; + } + else + { + if (result.affectedRows == 0) + { + callback('No rows deleted.'); + return; + } + console.log('rows deleted: ' + result.affectedRows); + callback(null, result.affectedRows); + return; + } + }); + }); // end of getConnection +}; + +exports.deleteVnfNetworkData = function(req,res,callback){ + + var privilegeObj = req.session.loggedInAdmin; + var rows={}; + + pool.getConnection(function(err,connection) { + + var sql = 'DELETE FROM PRE_LOAD_VNF_NETWORK_DATA WHERE id =' + connection.escape(req.sanitize(req.query.id)); + console.log(sql); + if(err){ + console.error( String(err) ); // ALARM + res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU}); + return; + } + + connection.query(sql, function(err,result) + { + connection.release(); + if (err) { + callback(err,'Database operation failed. ' + err ); + return; + } + else + { + if (result.affectedRows == 0) + { + callback('No rows deleted.'); + return; + } + console.log('rows deleted: ' + result.affectedRows); + callback(null, result.affectedRows); + return; + } + }); + }); // end of getConnection +}; // Add to SVC_LOGIC table exports.addDG = function(_module, version, rpc, mode, xmlfile, req,res){ 
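Review bot: In all three new functions (deleteVnfProfile, deleteVnfData, deleteVnfNetworkData) `var sql = ... connection.escape(...)` runs before the `if(err)` check, so when getConnection fails `connection` is undefined and `connection.escape` throws a TypeError inside the pool callback instead of reaching the `res.render("pages/err", ...)` branch; the `sql` and `console.log(sql)` lines belong below the error check. The three bodies are otherwise identical apart from table and column, each declares `privilegeObj` and `rows` without using them, and deleteVnfProfile carries a block of commented-out code, so a small shared helper fixes the ordering once and removes the duplication. The callbacks also mix `callback(err, msg)` with `callback('No rows deleted.')`, so callers must handle both an Error and a string in the first argument; `callback(new Error('No rows deleted.'))` would be consistent. In the helper below `table` and `column` are fixed literals supplied by the exported wrappers, never request data; the request-derived value is the only thing escaped.
```javascript
// Shared by deleteVnfProfile / deleteVnfData / deleteVnfNetworkData.
// table and column are literals chosen by the exported wrappers; value is the
// only request-derived input and is escaped once a connection is available.
function deleteByKey(table, column, value, res, callback) {
  pool.getConnection(function(err, connection) {
    if (err) {
      console.error(String(err)); // ALARM
      res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. " + String(err)},header:process.env.MAIN_MENU});
      return;
    }
    // built only after the error check: connection is undefined on failure
    var sql = 'DELETE FROM ' + table + ' WHERE ' + column + ' = ' + connection.escape(value);
    console.log(sql);
    connection.query(sql, function(err, result) {
      connection.release();
      // … unchanged: 'Database operation failed.' / 'No rows deleted.' / affectedRows handling …
    });
  }); // end of getConnection
}

exports.deleteVnfProfile = function(req, res, callback) {
  deleteByKey('VNF_PROFILE', 'vnf_type', req.sanitize(req.query.vnf_type), res, callback);
};

exports.deleteVnfData = function(req, res, callback) {
  deleteByKey('PRE_LOAD_VNF_DATA', 'id', req.sanitize(req.query.id), res, callback);
};

exports.deleteVnfNetworkData = function(req, res, callback) {
  deleteByKey('PRE_LOAD_VNF_NETWORK_DATA', 'id', req.sanitize(req.query.id), res, callback);
};
```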
@@ -1095,131 +1210,193 @@ exports.addDG = function(_module, version, rpc, mode, xmlfile, req,res){ }); // end of getConnection }; -exports.activate = function(req,res,_module,rpc,version,mode,callback){ +exports.updatePreloadStatus = function(sql,req,res,_module,rpc,version,mode,callback){ - var sql = "UPDATE SVC_LOGIC SET active=\'Y\' WHERE module=\'" - + _module + "' AND rpc=\'" - + rpc + "' AND version=\'" - + version + "' AND mode=\'" - + mode + "'"; + pool.getConnection(function(err,connection) { + + if(err){ + console.error( String(err) ); // ALARM + callback(err, 'Unable to get database connection.' + err); + return; + } - console.log('SQL='+sql); + var sql = _sql + " WHERE id = " + connection.escape(req.query.id); - pool.getConnection(function(err,connection) { + console.log(sql); + connection.query(sql, function(err,result){ + + connection.release(); + if(err){ + callback(err, 'Unable to get database connection.' + err); + return; + } + else + { + if (result.affectedRows == 0) + { + callback('Unable to update preload status.'); + return; + } + callback(null, result.affectedRows); + return; + } + }); //end query + }); // end getConnection +} + +exports.activate = function(req,res,_module,rpc,version,mode,callback){ + + pool.getConnection(function(err,connection) { - if(err){ + if(err){ console.error( String(err) ); // ALARM - callback(err, 'Unable to get database connection.' + err); + callback(err, 'Unable to get database connection.' + err); return; - } + } - connection.query(sql, function(err,result){ + var sql = "UPDATE SVC_LOGIC SET active=\'Y\' WHERE " + + "module = " + connection.escape(_module) + " AND " + + "rpc = " + connection.escape(rpc) + " AND " + + "version = " + connection.escape(version) + " AND " + + "mode = " + connection.escape(mode); - connection.release(); + console.log('SQL='+sql); + connection.query(sql, function(err,result){ + + connection.release(); if(err){ - callback(err, 'Unable to get database connection.' 
+ err); - } - else - { - callback(null,''); - } - }); //end query - }); // end getConnection + callback(err, 'Unable to get database connection.' + err); + return; + } + else + { + if (result.affectedRows == 0) + { + callback('Unable to activate directed graph.'); + return; + } + console.log('rows deleted: ' + result.affectedRows); + callback(null, result.affectedRows); + return; + } + }); //end query + }); // end getConnection } exports.deactivate = function(req,res,_module,rpc,version,mode,callback){ - var sql = "UPDATE SVC_LOGIC SET active=\'N\' WHERE module=\'" - + _module + "' AND rpc=\'" - + rpc + "' AND version=\'" - + version + "' AND mode=\'" - + mode + "'"; - - console.log('SQL='+sql); - - pool.getConnection(function(err,connection) { + pool.getConnection(function(err,connection) { - if(err){ + if(err){ console.error( String(err) ); // ALARM - callback(err, 'Unable to get database connection.' + err); + callback(err, 'Unable to get database connection.' + err); return; - } + } - connection.query(sql, function(err,result){ + var sql = "UPDATE SVC_LOGIC SET active=\'N\' WHERE " + + "module = " + connection.escape(_module) + " AND " + + "rpc = " + connection.escape(rpc) + " AND " + + "version = " + connection.escape(version) + " AND " + + "mode = " + connection.escape(mode); - connection.release(); - if(err){ - callback(err, 'Unable to get database connection.' + err); - } - else - { - callback(null,''); - } - }); //end query - }); // end getConnection + console.log('SQL='+sql); + connection.query(sql, function(err,result){ + + connection.release(); + if(err){ + callback(err, 'Unable to get database connection.' 
+ err); + return; + } + else + { + if (result.affectedRows == 0) + { + callback('Unable to deactivate directed graph.'); + return; + } + console.log('rows deleted: ' + result.affectedRows); + callback(null, result.affectedRows); + return; + } + }); //end query + }); // end getConnection } exports.global_deactivate = function(req,res,_module,rpc,mode,callback){ - var sql = "UPDATE SVC_LOGIC SET active=\'N\' WHERE module=\'" - + _module + "' AND rpc=\'" - + rpc + "' AND mode=\'" - + mode + "'"; + pool.getConnection(function(err,connection) { + if(err){ + callback(err, 'Unable to get database connection.' + err); + return; + } - pool.getConnection(function(err,connection) { + // deactivate all versions + var sql = "UPDATE SVC_LOGIC SET active=\'N\' WHERE " + + "module = " + connection.escape(_module) + " AND " + + "rpc = " + connection.escape(rpc) + " AND " + + "mode = " + connection.escape(mode); - if(err){ - callback(err, 'Unable to get database connection.' + err); - return; - } - - connection.query(sql, function(err,result){ + console.log(sql); + connection.query(sql, function(err,result){ - connection.release(); - if(err){ - callback(err, err); - } - else - { - callback(null,''); - } - }); //end query - }); // end getConnection + connection.release(); + if(err){ + callback(err, err); + return; + } + else + { + if (result.affectedRows == 0) + { + callback('Unable to set all versions to deactivate.'); + return; + } + callback(null,result.affectedRows); + return; + } + }); //end query + }); // end getConnection } exports.deleteDG = function(req,res,_module,rpc,version,mode,callback){ - var sql = "DELETE FROM SVC_LOGIC WHERE module=\'" - + _module + "' AND rpc=\'" - + rpc + "' AND version=\'" - + version + "' AND mode=\'" - + mode + "'"; - - console.log('SQL='+sql); - - pool.getConnection(function(err,connection) { + pool.getConnection(function(err,connection) { - if(err){ + if(err){ console.error( String(err) ); // ALARM - callback(err, 'Unable to get database 
connection.' + err); + callback(err, 'Unable to get database connection.' + err); return; - } + } - connection.query(sql, function(err,result){ + var sql = "DELETE FROM SVC_LOGIC WHERE " + + "module = " + connection.escape(_module) + " AND " + + "rpc = " + connection.escape(rpc) + " AND " + + "version = " + connection.escape(version) + " AND " + + "mode = " + connection.escape(mode); - connection.release(); - if(err){ - callback(err, 'Unable to get database connection.' + err); - } - else - { - callback(null,''); - } - }); //end query - }); // end getConnection + console.log(sql); + connection.query(sql, function(err,result){ + + connection.release(); + if(err){ + callback(err, 'Unable to get database connection.' + err); + return; + } + else + { + if (result.affectedRows == 0) + { + callback('No rows deleted.'); + return; + } + callback(null,result.affectedRows); + return; + } + }); //end query + }); // end getConnection } |
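Review bot: updatePreloadStatus declares its first parameter as `sql` but the body reads `_sql` (`var sql = _sql + " WHERE id = " + connection.escape(req.query.id);`), so once a connection is obtained every call throws a ReferenceError or picks up a stray global; change the line to `var stmt = sql + " WHERE id = " + connection.escape(req.query.id);` and pass `stmt` to `console.log` and `connection.query`, which also avoids redeclaring the parameter with `var`. Because the caller supplies the statement prefix, add a comment above the function such as `// sql is the caller's UPDATE prefix and must not contain request data; only the WHERE id value is escaped here.` The `console.log('rows deleted: ' + result.affectedRows);` lines copied into activate and deactivate describe UPDATE statements, so the message misleads whoever reads the log and should say `'rows updated: '`. The `res`, `_module`, `rpc`, `version` and `mode` parameters of updatePreloadStatus are unused; if they are kept for symmetry with the sibling functions, say so in that comment.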