In the current implementation of ServerQuery, the guild_id is included directly in HTTP responses without being sanitized first. While guild_id is provided by the Discord API rather than typed in by a user, it appears in URLs and could be manipulated there.
This could expose users to Cross-Site Scripting (XSS), where an attacker tricks a user into clicking a malicious link that carries a script in the guild_id.
To resolve this, we need to sanitize guild_id before including it in HTTP responses. This can be done with a library such as escape-html or validator.
Steps to Reproduce:
1. Make a GET request to the /api/get/bot/:guild_id/servers endpoint with an invalid guild_id.
2. Observe the HTTP response. (In this case it seems that the guild_id is being sanitized and converted to a string, but to be doubly sure, I want to add sanitization to all endpoint variables, just in case.)
Expected Outcome:
The guild_id in the HTTP response should be sanitized and not pose any risk for XSS attacks.
Actual Outcome:
The guild_id is included directly in the HTTP response without being sanitized, potentially posing a risk for XSS attacks.
Suggested Fix:
Use a library like escape-html to sanitize guild_id before including it in HTTP responses.
Relevant Example Code Snippet: See getRoutes.js
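The fix described above, as an added example that is not ServerQuery's getRoutes.js: validate the guild_id route parameter as a Discord snowflake before using it, and HTML-escape anything echoed back in a response. The handler is framework-agnostic (it takes a params object and returns a status and body) so it runs without Express or the escape-html package; escapeHtml here reproduces the character set escape-html replaces.

```javascript
// Added example, not ServerQuery's own code. Discord snowflakes are unsigned
// 64-bit integers, which in decimal are 17 to 20 digits long.
const SNOWFLAKE_RE = /^\d{17,20}$/;

// Allow-list validation: only a digits-only snowflake is accepted, so markup
// or script text in the :guild_id URL segment is rejected outright.
function isValidGuildId(guildId) {
  return typeof guildId === "string" && SNOWFLAKE_RE.test(guildId);
}

// Output encoding for the same five characters escape-html replaces
// (& < > " '), so a value is safe in HTML text or a quoted attribute.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Handler for GET /api/get/bot/:guild_id/servers. Takes the route params
// (as Express would put them in req.params) and returns { status, body }.
// Validation stops a bad value from reaching the Discord API lookup or the
// response; escaping is defence in depth for the echoed error message.
function getBotServers(params) {
  const guildId = params.guild_id;
  if (!isValidGuildId(guildId)) {
    return {
      status: 400,
      body: `<p>Invalid guild_id: ${escapeHtml(guildId)}</p>`,
    };
  }
  // The real route would call the Discord API here; a constructed empty
  // server list stands in for that result in this example.
  return {
    status: 200,
    body: JSON.stringify({ guild_id: guildId, servers: [] }),
  };
}
```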