search

nodeSolidServer / node-solid-server

Solid server on top of the file-system in NodeJS
https://solidproject.org/for-developers/pod-server
Other
1.78k stars 299 forks source link

GET request to /sharing (with no parameters) crashes the server #1764

Closed ylebre closed 6 months ago

ylebre commented 7 months ago

Tested on 5.7.8 and On 5.7.9-beta running in a docker container.

Fetching the URL https://localhost:8443/sharing (with no parameters) causes the server to crash with the following output on the console:

solid  | TypeError: Invalid URL
solid  |     at new URL (node:internal/url:775:36)
solid  |     at SharingRequest.getAppUrl (/usr/src/app/lib/requests/sharing-request.js:156:12)
solid  |     at get (/usr/src/app/lib/requests/sharing-request.js:70:28)
solid  |     at Layer.handle [as handle_request] (/usr/src/app/node_modules/express/lib/router/layer.js:95:5)
solid  |     at next (/usr/src/app/node_modules/express/lib/router/route.js:144:13)
solid  |     at Route.dispatch (/usr/src/app/node_modules/express/lib/router/route.js:114:3)
solid  |     at Layer.handle [as handle_request] (/usr/src/app/node_modules/express/lib/router/layer.js:95:5)
solid  |     at /usr/src/app/node_modules/express/lib/router/index.js:284:15
solid  |     at Function.process_params (/usr/src/app/node_modules/express/lib/router/index.js:346:12)
solid  |     at next (/usr/src/app/node_modules/express/lib/router/index.js:280:10) {
solid  |   code: 'ERR_INVALID_URL',
solid  |   input: 'undefined'
solid  | }

It looks like the sharing-request handler is missing input validation to make sure all the expected parameters are present.

bourgeoa commented 7 months ago

Thanks. Yes you are right

bourgeoa commented 7 months ago

@ylebre Could you check the PR https://github.com/nodeSolidServer/node-solid-server/pull/1765 I tested locally with /sharing, sharing? and /sharing?test=anything.

ylebre commented 6 months ago

That fixes it for the GET request.

It seems the same issue is also in POST requests, sending it with empty GET variables also stops the server.

bourgeoa commented 6 months ago

It seems the same issue is also in POST requests, sending it with empty GET variables also stops the server.

What do you mean by empty GET variables

ylebre commented 6 months ago

A POST request to the server with an empty body also seems to trigger the same issue. I was confused about where the post request was getting the variables from, sorry about that.