Sanitize custom map SVGs (#16448)
https://github.com/librenms/librenms/security/advisories/GHSA-x8gm-j36p-fppf Will only sanitize new SVGs. If you have existing backgrounds, they will not be sanitized. XSS cannot be triggered within the LibreNMS UI; to trigger it, you must directly visit the background image URL.
@ -28,6 +28,7 @@ namespace App\Http\Controllers\Maps;
|
|||||||
use App\Http\Controllers\Controller;
|
use App\Http\Controllers\Controller;
|
||||||
use App\Models\CustomMap;
|
use App\Models\CustomMap;
|
||||||
use App\Models\CustomMapBackground;
|
use App\Models\CustomMapBackground;
|
||||||
|
use enshrined\svgSanitize\Sanitizer;
|
||||||
use Illuminate\Foundation\Http\FormRequest;
|
use Illuminate\Foundation\Http\FormRequest;
|
||||||
use Illuminate\Support\Facades\Cache;
|
use Illuminate\Support\Facades\Cache;
|
||||||
|
|
||||||
@ -96,13 +97,23 @@ class CustomMapBackgroundController extends Controller
|
|||||||
if ($request->image) {
|
if ($request->image) {
|
||||||
// if image type and we have image data (new image) save it
|
// if image type and we have image data (new image) save it
|
||||||
$background = $map->background ?? new CustomMapBackground;
|
$background = $map->background ?? new CustomMapBackground;
|
||||||
$background->background_image = $request->image->getContent();
|
|
||||||
|
$image_content = $request->image->getContent();
|
||||||
|
$mimeType = $request->image->getMimeType();
|
||||||
|
|
||||||
|
// sanitize SVGs
|
||||||
|
if ($mimeType == 'image/svg+xml') {
|
||||||
|
$image_content = (new Sanitizer)->sanitize($image_content);
|
||||||
|
}
|
||||||
|
|
||||||
|
$background->background_image = $image_content;
|
||||||
|
|
||||||
$map->background()->save($background);
|
$map->background()->save($background);
|
||||||
Cache::driver('file')->forget($this->getCacheKey($map)); // clear old image cache if present
|
Cache::driver('file')->forget($this->getCacheKey($map)); // clear old image cache if present
|
||||||
$map->background_data = array_merge($map->background_data ?? [], [
|
$map->background_data = array_merge($map->background_data ?? [], [
|
||||||
'version' => md5($background->background_image),
|
'version' => md5($background->background_image),
|
||||||
'original_filename' => $request->image->getClientOriginalName(),
|
'original_filename' => $request->image->getClientOriginalName(),
|
||||||
'mime' => $request->image->getMimeType(),
|
'mime' => $mimeType,
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
} elseif ($map->getOriginal('background_type') == 'image') {
|
} elseif ($map->getOriginal('background_type') == 'image') {
|
||||||
|
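Review bot: The value returned by `(new Sanitizer)->sanitize($image_content)` is stored without being checked; the library returns `false` when it cannot parse the document, and in that case `$background->background_image` is saved as an empty background (with `md5` of an empty string as its `version`) instead of the upload being rejected. The sanitizer also leaves remote references (external `href`/`xlink:href` targets) in place unless `removeRemoteReferences(true)` is set, which is worth enabling for an image that is served back to every viewer of the map. Separately, the gate `$mimeType == 'image/svg+xml'` depends on the sniffed type, so an SVG document that finfo reports as `text/xml` or `application/xml` would bypass sanitization entirely; whether that is exploitable depends on the Content-Type the background is served with, which is outside this hunk, but sanitizing any XML-typed upload or restricting the stored types to a known image allowlist would close the gap regardless, and `===` is the idiomatic comparison here. The enclosing method starts and ends outside the hunk.
```php
                // sanitize SVGs
                if ($mimeType === 'image/svg+xml') {
                    $sanitizer = new Sanitizer;
                    $sanitizer->removeRemoteReferences(true);
                    $image_content = $sanitizer->sanitize($image_content);
                    if ($image_content === false) {
                        // TODO(review): return this controller's usual validation error response here
                        // rather than falling through and saving an empty background
                    }
                }
                // … unchanged: assignment to $background->background_image and save …
```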
@ -32,6 +32,7 @@
|
|||||||
"dapphp/radius": "^3.0",
|
"dapphp/radius": "^3.0",
|
||||||
"doctrine/dbal": "^3.5",
|
"doctrine/dbal": "^3.5",
|
||||||
"easybook/geshi": "^1.0.8",
|
"easybook/geshi": "^1.0.8",
|
||||||
|
"enshrined/svg-sanitize": "^0.20.0",
|
||||||
"ezyang/htmlpurifier": "^4.8",
|
"ezyang/htmlpurifier": "^4.8",
|
||||||
"fico7489/laravel-pivot": "^3.0",
|
"fico7489/laravel-pivot": "^3.0",
|
||||||
"influxdata/influxdb-client-php": "^3.4",
|
"influxdata/influxdb-client-php": "^3.4",
|
||||||
|
47
composer.lock
generated
@ -4,7 +4,7 @@
|
|||||||
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
|
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
|
||||||
"This file is @generated automatically"
|
"This file is @generated automatically"
|
||||||
],
|
],
|
||||||
"content-hash": "cfd22f9b26f539a6adc0ee571737bfcf",
|
"content-hash": "fee5d24447dced4397e26066f8c9ee59",
|
||||||
"packages": [
|
"packages": [
|
||||||
{
|
{
|
||||||
"name": "amenadiel/jpgraph",
|
"name": "amenadiel/jpgraph",
|
||||||
@ -1175,6 +1175,51 @@
|
|||||||
],
|
],
|
||||||
"time": "2023-10-06T06:47:41+00:00"
|
"time": "2023-10-06T06:47:41+00:00"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"name": "enshrined/svg-sanitize",
|
||||||
|
"version": "0.20.0",
|
||||||
|
"source": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://github.com/darylldoyle/svg-sanitizer.git",
|
||||||
|
"reference": "068d9fcf912c88a0471d101d95a2caa87c50aee7"
|
||||||
|
},
|
||||||
|
"dist": {
|
||||||
|
"type": "zip",
|
||||||
|
"url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/068d9fcf912c88a0471d101d95a2caa87c50aee7",
|
||||||
|
"reference": "068d9fcf912c88a0471d101d95a2caa87c50aee7",
|
||||||
|
"shasum": ""
|
||||||
|
},
|
||||||
|
"require": {
|
||||||
|
"ext-dom": "*",
|
||||||
|
"ext-libxml": "*",
|
||||||
|
"php": "^7.1 || ^8.0"
|
||||||
|
},
|
||||||
|
"require-dev": {
|
||||||
|
"phpunit/phpunit": "^6.5 || ^8.5"
|
||||||
|
},
|
||||||
|
"type": "library",
|
||||||
|
"autoload": {
|
||||||
|
"psr-4": {
|
||||||
|
"enshrined\\svgSanitize\\": "src"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"notification-url": "https://packagist.org/downloads/",
|
||||||
|
"license": [
|
||||||
|
"GPL-2.0-or-later"
|
||||||
|
],
|
||||||
|
"authors": [
|
||||||
|
{
|
||||||
|
"name": "Daryll Doyle",
|
||||||
|
"email": "daryll@enshrined.co.uk"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"description": "An SVG sanitizer for PHP",
|
||||||
|
"support": {
|
||||||
|
"issues": "https://github.com/darylldoyle/svg-sanitizer/issues",
|
||||||
|
"source": "https://github.com/darylldoyle/svg-sanitizer/tree/0.20.0"
|
||||||
|
},
|
||||||
|
"time": "2024-09-05T10:18:12+00:00"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name": "ezyang/htmlpurifier",
|
"name": "ezyang/htmlpurifier",
|
||||||
"version": "v4.17.0",
|
"version": "v4.17.0",
|
||||||
|