Skip to content

Commit

Permalink
fix/anilibria legacy whitelist update (#10)
Browse files Browse the repository at this point in the history
  • Loading branch information
@MindHunter86
MindHunter86 authored Jul 14, 2024
2 parents 1a7fb10 + 40a09f2 commit 9215747
Show file tree
Hide file tree
Showing 2 changed files with 44 additions and 2 deletions.
8 changes: 6 additions & 2 deletions internal/proxy/validator.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -188,6 +188,7 @@ func (m *Validator) encodeFormData() (e error) {

for k, v := range form.Value {
m.requestArgs.Add(k, v[0])
rlog(m.Ctx).Trace().Msg("parsed form value " + k + " - " + v[0])
}

// TODO - with go1.21.0 we can use:
Expand Down Expand Up @@ -217,7 +218,7 @@ func (m *Validator) isArgsWhitelisted() (_ bool) {
if len(declinedKeys) != 0 {
if zerolog.GlobalLevel() < zerolog.InfoLevel {
for key := range declinedKeys {
rlog(m.Ctx).Debug().Msg("Invalid key detected - " + futils.UnsafeString(key))
rlog(m.Ctx).Debug().Msg("Invalid args-key detected - " + futils.UnsafeString(key))
}
}

Expand All @@ -233,6 +234,9 @@ func (m *Validator) isQueryWhitelisted() (ok bool) {
return true
}

_, ok = queryWhitelist[futils.UnsafeString(query)]
if _, ok = queryWhitelist[futils.UnsafeString(query)]; !ok {
rlog(m.Ctx).Debug().Msg("Invalid query-key detected - " + futils.UnsafeString(query))
}

return
}
38 changes: 38 additions & 0 deletions internal/proxy/whitelist.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ package proxy
// }

var postArgsWhitelist = map[string]interface{}{
// POST api.php
"action": nil,
"code": nil,
"filter": nil,
Expand All @@ -19,6 +20,43 @@ var postArgsWhitelist = map[string]interface{}{
"perPage": nil,
"query": nil,
"rm": nil,

// POST func.php - most used
"sort": nil,
"xpage": nil,
"finish": nil,
"search": nil,
"current": nil,

// POST func.php
"2fa": nil,
"announce": nil,
"csrf": nil,
"csrf_token": nil,
"data": nil,
"deviceId": nil,
"do": nil,
"fa2code": nil,
"g-recaptcha-response": nil,
"info": nil,
"key": nil,
"login": nil,
"mail": nil,
"mes": nil,
"newPasswd": nil,
"oldPasswd": nil,
"order0column": nil,
"order0dir": nil,
"passwd": nil,
"recaptcha": nil,
"reset": nil,
"rid": nil,
"searchvalue": nil,
"url": nil,
"v": nil,
"vk": nil,
"w": nil,
"width": nil,
}

var queryWhitelist = map[string]interface{}{
Expand Down

0 comments on commit 9215747

Please sign in to comment.