Merge pull request #9 from ECTwo/aws/cmd-injection

Fix #5, Prevent command injection
ECTwo · Oct 29, 2020 · b542961 · b542961
2 parents bf9b72f + 6070798
commit b542961
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -28,3 +28,7 @@ coverage
 
 # Benchmarking
 benchmarks/graphs
+
+# IntelliJ
+.idea/
+*.iml
diff --git a/src/routes/index.ts b/src/routes/index.ts
@@ -5,6 +5,19 @@ import AwsTerraformRouterV1 from './v1/terraform/Aws';
 // Init router and path
 const router = Router();
 
+router.use((req, res, next) => {
+    const { access_key, secret_key } = req.headers;
+    if (typeof access_key === 'string' && !access_key.match(/^[A-Za-z0-9]+$/)) {
+        res.status(400).end(JSON.stringify({}));
+        return;
+    }
+    if (typeof secret_key === 'string' && !secret_key.match(/^[A-Za-z0-9]+$/)) {
+        res.status(400).end(JSON.stringify({}));
+        return;
+    }
+    next();
+});
+
 // Add sub-routes
 router.use('/users', UserRouter);
 router.use('/v1/aws', AwsRouterV1)