author | Rotundo, Al (ar3165) <ar3165@att.com> | 2019-07-31 14:46:56 +0000 |
---|---|---|
committer | Timoney, Dan (dt5972) <dtimoney@att.com> | 2019-07-31 14:31:07 -0400 |
commit | 18dcbec3a5a99a57d0ef43a06a99c2ab17c2eed6 (patch) | |
tree | 39c938d972c6a3fefbb5c8350c2141fb8ee1e5eb /admportal/server/router/routes/preload.js | |
parent | 33e9f85700d3ba17f95a69011d2d2932d4b98df0 (diff) |
Added new modules to help prevent Cross Site Request Forgery
Made changes to prevent arbitrary code execution on AdmPortal.
Issue-ID: OJSI-40
Change-Id: I5ec60e2585413f3948c2540bd502dd1393794267
Signed-off-by: Rotundo, Al (ar3165) <ar3165@att.com>
Former-commit-id: 3d54c9ad35ef5e7a4b13948e718a4ad2830cbb04
Diffstat (limited to 'admportal/server/router/routes/preload.js')
-rw-r--r-- | admportal/server/router/routes/preload.js | 101 |
1 files changed, 44 insertions, 57 deletions
diff --git a/admportal/server/router/routes/preload.js b/admportal/server/router/routes/preload.js index fd41bb44..522c6daa 100644 --- a/admportal/server/router/routes/preload.js +++ b/admportal/server/router/routes/preload.js @@ -16,8 +16,6 @@ var vnf = require('./vnf'); var network = require('./network'); var moment = require('moment'); - - // pass host, username and password to ODL // target host for ODL request var username = properties.odlUser; @@ -35,14 +33,17 @@ var options = { strictSSL: false }; -// multer 1.1 +// multer var unixTime = moment().unix(); var storage = multer.diskStorage({ destination: function (req, file, cb) { cb(null, process.cwd() + '/uploads/') + return; }, filename: function (req, file, cb) { +console.log('filename'); cb(null, unixTime + "." + file.originalname ) + return; } }); 
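Review bot: The stored upload name in the `filename` callback is still `unixTime + "." + file.originalname`, and `unixTime` is assigned once at module scope, so every upload in the life of the process shares one prefix and two files with the same client-supplied name land on the same path under `uploads/`. Take the timestamp per request, for example `cb(null, moment().unix() + "." + file.originalname)`, and check the client-supplied name against an allowlisted pattern (or replace it with a server-generated one) before it becomes a path component. The added `console.log('filename');` logs a fixed string with no request context and is unindented; it reads like leftover debugging and could be dropped. The `return;` statements added after each `cb(...)` are the last statement of their callbacks and change nothing.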
@@ -54,98 +55,84 @@ var upload = multer({ return cb(null,false); } cb(null,true); + return; } }); router.post('/uploadVnfCsv', csp.checkAuth, upload.array('filename'), function(req, res) { - console.log('files:'+ JSON.stringify(req.files,null,4)); - - var tasks = [] - var msgArray = new Array(); - var privilegeObj = req.session.loggedInAdmin; - + var msgArray = new Array(); var privilegeObj = req.session.loggedInAdmin; var tasks = []; tasks.push ( function(callback) { vnf.go(req,res,callback,''); } ); tasks.push ( function(arg1,arg2,callback) { formatVnfInsertStatement(arg1,arg2,req,res,callback); } ); - tasks.push( function(arg1, callback) { dbRoutes.addRow(arg1,req,res,callback); } ); + tasks.push( function(arg1, callback) { dbRoutes.addRow(arg1,req,res,callback); } ); async.waterfall(tasks, function(err,result) { - if(err){ - msgArray.push(err); - dbRoutes.getVnfData(req,res,{code:'failure', msg:msgArray},privilegeObj); - return; - } - else { - //logger.debug('Successfully uploaded ' + req.session.worksheetFilename); - msgArray.push('Successfully uploaded file.' ); - dbRoutes.getVnfData(req,res,{code:'success', msg:msgArray},privilegeObj); - return; - } + if(err){ + msgArray.push(err); + dbRoutes.getVnfData(req,res,{code:'failure', msg:msgArray},privilegeObj); + return; + } + else { + msgArray.push('Successfully uploaded file.' 
); + dbRoutes.getVnfData(req,res,{code:'success', msg:msgArray},privilegeObj); + return; + } }); - }); router.post('/uploadNetworkCsv', csp.checkAuth, upload.array('filename'), function(req, res) { - console.log('files:'+ JSON.stringify(req.files,null,4)); - - var tasks = [] - var msgArray = new Array(); - var privilegeObj = req.session.loggedInAdmin; - - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; + console.log('uploadNetworkCsv'); - tasks.push ( function(callback) { network.go(req,res,callback,''); } ); - tasks.push ( function(arg1,arg2,callback) { formatNetworkInsertStatement(arg1,arg2,req,res,callback); } ); - tasks.push( function(arg1, callback) { dbRoutes.addRow(arg1,req,res,callback); } ); - async.waterfall(tasks, function(err,result) - { - if(err){ - msgArray.push(err); - dbRoutes.getVnfNetworkData(req,res,{code:'failure', msg:msgArray},privilegeObj); - return; - } - else { - //logger.debug('Successfully uploaded ' + req.session.worksheetFilename); - msgArray.push('Successfully uploaded file.' ); - dbRoutes.getVnfNetworkData(req,res,{code:'success', msg:msgArray},privilegeObj); - return; - } - }); + var msgArray = new Array(); + var privilegeObj = req.session.loggedInAdmin; + var tasks = []; + tasks.push ( function(callback) { network.go(req,res,callback,''); } ); + tasks.push ( function(arg1,arg2,callback) { formatNetworkInsertStatement(arg1,arg2,req,res,callback); } ); + tasks.push( function(arg1, callback) { dbRoutes.addRow(arg1,req,res,callback); } ); + async.waterfall(tasks, function(err,result) + { + if(err){ + console.log('ERROR:' + err); + msgArray.push(err); + dbRoutes.getVnfNetworkData(req,res,{code:'failure', msg:msgArray},privilegeObj); + } + else { + msgArray.push('Successfully uploaded file.' 
); + dbRoutes.getVnfNetworkData(req,res,{code:'success', msg:msgArray},privilegeObj); + } + }); }); function formatVnfInsertStatement(content,filename,req,res,callback) { - //var newstr = JSON.stringify(content).replace(/\\\"/g,'\\\\\\"'); - //var ins_str = newstr.replace("\r\n ", "\\r\\n"); - var newstr = JSON.stringify(content); - var enc_str = encodeURI(newstr); - var sql = "INSERT INTO PRE_LOAD_VNF_DATA " + var newstr = JSON.stringify(content); + var enc_str = encodeURI(newstr); + var sql = "INSERT INTO PRE_LOAD_VNF_DATA " + "(filename,preload_data) VALUES (" + "'"+ filename + "'," + "'" + enc_str + "')"; callback(null,sql); + return; } function formatNetworkInsertStatement(content,filename,req,res,callback) { - var newstr = JSON.stringify(content); - var enc_str = encodeURI(newstr); - var sql = "INSERT INTO PRE_LOAD_VNF_NETWORK_DATA " + var newstr = JSON.stringify(content); + var enc_str = encodeURI(newstr); + var sql = "INSERT INTO PRE_LOAD_VNF_NETWORK_DATA " + "(filename,preload_data) VALUES (" + "'"+ filename + "'," + "'" + enc_str + "')"; callback(null,sql); + return; } - - module.exports = router; |
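Review bot: `formatVnfInsertStatement` and `formatNetworkInsertStatement` still build the INSERT by concatenating `filename` and `enc_str` between single quotes; the commit only re-indents those lines and adds a `return;`. `encodeURI` leaves `'` unencoded and `filename` is not encoded at all, so a quote in the uploaded content or in the file name (presumably passed on by `vnf.go` / `network.go`, which are outside this diff) would end the string literal and alter the statement. Bind both values instead, e.g. `var sql = "INSERT INTO PRE_LOAD_VNF_DATA (filename,preload_data) VALUES (?,?)";` with `[filename, enc_str]` handed to the query call. `dbRoutes.addRow` is not visible here and would need to accept the values array, so confirm its signature before changing the waterfall arguments.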