Fix #5, 커맨드 인젝션을 막기 위한 access_key, secret_key 검증 과정 추가

ECTwo · Oct 29, 2020 · 6070798 · 6070798
1 parent bf9b72f
commit 6070798
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -28,3 +28,7 @@ coverage
 
 # Benchmarking
 benchmarks/graphs
+
+# IntelliJ
+.idea/
+*.iml
diff --git a/src/routes/index.ts b/src/routes/index.ts
@@ -5,6 +5,19 @@ import AwsTerraformRouterV1 from './v1/terraform/Aws';
 // Init router and path
 const router = Router();
 
+router.use((req, res, next) => {
+    const { access_key, secret_key } = req.headers;
+    if (typeof access_key === 'string' && !access_key.match(/^[A-Za-z0-9]+$/)) {
+        res.status(400).end(JSON.stringify({}));
+        return;
+    }
+    if (typeof secret_key === 'string' && !secret_key.match(/^[A-Za-z0-9]+$/)) {
+        res.status(400).end(JSON.stringify({}));
+        return;
+    }
+    next();
+});
+
 // Add sub-routes
 router.use('/users', UserRouter);
 router.use('/v1/aws', AwsRouterV1)