summaryrefslogtreecommitdiffstats
path: root/admportal/server/router/routes/preload.js
diff options
context:
space:
mode:
authorRotundo, Al (ar3165) <ar3165@att.com>2019-07-31 14:46:56 +0000
committerTimoney, Dan (dt5972) <dtimoney@att.com>2019-07-31 14:31:07 -0400
commit18dcbec3a5a99a57d0ef43a06a99c2ab17c2eed6 (patch)
tree39c938d972c6a3fefbb5c8350c2141fb8ee1e5eb /admportal/server/router/routes/preload.js
parent33e9f85700d3ba17f95a69011d2d2932d4b98df0 (diff)
Added new modules to help prevent Cross Site Request Forgery
Made changes to prevent arbitrary code exection on AdmPortal. Issue-ID: OJSI-40 Change-Id: I5ec60e2585413f3948c2540bd502dd1393794267 Signed-off-by: Rotundo, Al (ar3165) <ar3165@att.com> Former-commit-id: 3d54c9ad35ef5e7a4b13948e718a4ad2830cbb04
Diffstat (limited to 'admportal/server/router/routes/preload.js')
-rw-r--r--admportal/server/router/routes/preload.js101
1 files changed, 44 insertions, 57 deletions
diff --git a/admportal/server/router/routes/preload.js b/admportal/server/router/routes/preload.js
index fd41bb44..522c6daa 100644
--- a/admportal/server/router/routes/preload.js
+++ b/admportal/server/router/routes/preload.js
@@ -16,8 +16,6 @@ var vnf = require('./vnf');
var network = require('./network');
var moment = require('moment');
-
-
// pass host, username and password to ODL
// target host for ODL request
var username = properties.odlUser;
@@ -35,14 +33,17 @@ var options = {
strictSSL: false
};
-// multer 1.1
+// multer
var unixTime = moment().unix();
var storage = multer.diskStorage({
destination: function (req, file, cb) {
cb(null, process.cwd() + '/uploads/')
+ return;
},
filename: function (req, file, cb) {
+console.log('filename');
cb(null, unixTime + "." + file.originalname )
+ return;
}
});
@@ -54,98 +55,84 @@ var upload = multer({
return cb(null,false);
}
cb(null,true);
+ return;
}
});
router.post('/uploadVnfCsv', csp.checkAuth, upload.array('filename'), function(req, res)
{
- console.log('files:'+ JSON.stringify(req.files,null,4));
-
- var tasks = []
- var msgArray = new Array();
- var privilegeObj = req.session.loggedInAdmin;
-
+ var msgArray = new Array();
var privilegeObj = req.session.loggedInAdmin;
var tasks = [];
tasks.push ( function(callback) { vnf.go(req,res,callback,''); } );
tasks.push ( function(arg1,arg2,callback) { formatVnfInsertStatement(arg1,arg2,req,res,callback); } );
- tasks.push( function(arg1, callback) { dbRoutes.addRow(arg1,req,res,callback); } );
+ tasks.push( function(arg1, callback) { dbRoutes.addRow(arg1,req,res,callback); } );
async.waterfall(tasks, function(err,result)
{
- if(err){
- msgArray.push(err);
- dbRoutes.getVnfData(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- //logger.debug('Successfully uploaded ' + req.session.worksheetFilename);
- msgArray.push('Successfully uploaded file.' );
- dbRoutes.getVnfData(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
+ if(err){
+ msgArray.push(err);
+ dbRoutes.getVnfData(req,res,{code:'failure', msg:msgArray},privilegeObj);
+ return;
+ }
+ else {
+ msgArray.push('Successfully uploaded file.' );
+ dbRoutes.getVnfData(req,res,{code:'success', msg:msgArray},privilegeObj);
+ return;
+ }
});
-
});
router.post('/uploadNetworkCsv', csp.checkAuth, upload.array('filename'), function(req, res)
{
- console.log('files:'+ JSON.stringify(req.files,null,4));
-
- var tasks = []
- var msgArray = new Array();
- var privilegeObj = req.session.loggedInAdmin;
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
+ console.log('uploadNetworkCsv');
- tasks.push ( function(callback) { network.go(req,res,callback,''); } );
- tasks.push ( function(arg1,arg2,callback) { formatNetworkInsertStatement(arg1,arg2,req,res,callback); } );
- tasks.push( function(arg1, callback) { dbRoutes.addRow(arg1,req,res,callback); } );
- async.waterfall(tasks, function(err,result)
- {
- if(err){
- msgArray.push(err);
- dbRoutes.getVnfNetworkData(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- //logger.debug('Successfully uploaded ' + req.session.worksheetFilename);
- msgArray.push('Successfully uploaded file.' );
- dbRoutes.getVnfNetworkData(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
+ var msgArray = new Array();
+ var privilegeObj = req.session.loggedInAdmin;
+ var tasks = [];
+ tasks.push ( function(callback) { network.go(req,res,callback,''); } );
+ tasks.push ( function(arg1,arg2,callback) { formatNetworkInsertStatement(arg1,arg2,req,res,callback); } );
+ tasks.push( function(arg1, callback) { dbRoutes.addRow(arg1,req,res,callback); } );
+ async.waterfall(tasks, function(err,result)
+ {
+ if(err){
+ console.log('ERROR:' + err);
+ msgArray.push(err);
+ dbRoutes.getVnfNetworkData(req,res,{code:'failure', msg:msgArray},privilegeObj);
+ }
+ else {
+ msgArray.push('Successfully uploaded file.' );
+ dbRoutes.getVnfNetworkData(req,res,{code:'success', msg:msgArray},privilegeObj);
+ }
+ });
});
function formatVnfInsertStatement(content,filename,req,res,callback)
{
- //var newstr = JSON.stringify(content).replace(/\\\"/g,'\\\\\\"');
- //var ins_str = newstr.replace("\r\n ", "\\r\\n");
- var newstr = JSON.stringify(content);
- var enc_str = encodeURI(newstr);
- var sql = "INSERT INTO PRE_LOAD_VNF_DATA "
+ var newstr = JSON.stringify(content);
+ var enc_str = encodeURI(newstr);
+ var sql = "INSERT INTO PRE_LOAD_VNF_DATA "
+ "(filename,preload_data) VALUES ("
+ "'"+ filename + "',"
+ "'" + enc_str + "')";
callback(null,sql);
+ return;
}
function formatNetworkInsertStatement(content,filename,req,res,callback)
{
- var newstr = JSON.stringify(content);
- var enc_str = encodeURI(newstr);
- var sql = "INSERT INTO PRE_LOAD_VNF_NETWORK_DATA "
+ var newstr = JSON.stringify(content);
+ var enc_str = encodeURI(newstr);
+ var sql = "INSERT INTO PRE_LOAD_VNF_NETWORK_DATA "
+ "(filename,preload_data) VALUES ("
+ "'"+ filename + "',"
+ "'" + enc_str + "')";
callback(null,sql);
+ return;
}
-
-
module.exports = router;