Hacker-Software/opencrm
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
9cfd2e4a64b2b00f19d58bed62693c7c7822921b
opencrm/backend/src/middleware/pdfUploadSafety.ts
T
duffyduck 9cfd2e4a64 Pentest 69.3 (INFO): Magic-Byte-Validator auf Vertragsdokumente erweitert 
contract.routes.ts Vertragsdokumente-Upload hatte bisher nur den
PDF-Inhalts-Scan aus 68.1. JPG/PNG-Uploads waren ungeprüft, ohne
canonical Rename – Pentester selbst attestiert "ohne Exploit-Pfad"
(Download-Layer fängt's), aber inkonsistent zu allen anderen
Upload-Pfaden.

- Refactor: detectType + validateUploadedFile aus upload.routes.ts
  in neue Middleware uploadFileTypeValidator.ts ausgelagert (Single
  Source of Truth, ~90 Zeilen Duplikation entfällt).
- contract.routes.ts: validateUploadedFile ersetzt
  scanUploadedPdfIfPresent → Magic-Byte + canonical Rename + PDF-Scan
  in einer Pipeline.
- pdfUploadSafety.ts: scanUploadedPdfIfPresent entfernt (tot).
2026-06-03 14:49:06 +02:00

35 lines
1.3 KiB
TypeScript
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
import { Request, Response, NextFunction } from 'express';
import fs from 'fs';
import { assertSafePdf } from '../utils/sanitize.js';
import { ApiError } from '../utils/apiError.js';
/**
* Strikte Variante: Datei MUSS eine PDF sein. Sonst 415. Für Routen, die
* ausschliesslich PDFs zulassen (z.B. Vollmacht-Upload, PDF-Templates).
*
* Routen, die auch JPG/PNG akzeptieren (z.B. contract.routes
* Vertragsdokumente), nutzen `validateUploadedFile` aus
* `uploadFileTypeValidator.ts` das macht Magic-Byte für ALLE Typen +
* PDF-Scan in einer Pipeline.
*/
export function requireSafeUploadedPdf(req: Request, res: Response, next: NextFunction): void {
const file = (req as Request & { file?: Express.Multer.File }).file;
if (!file) {
next();
return;
}
try {
const buf = fs.readFileSync(file.path);
if (buf.length < 5 || buf.subarray(0, 5).toString('latin1') !== '%PDF-') {
throw new ApiError(415, 'Datei ist keine gültige PDF.');
}
assertSafePdf(buf);
next();
} catch (e) {
try { fs.unlinkSync(file.path); } catch { /* ignore */ }
const status = e instanceof ApiError ? e.statusCode : 415;
const message = e instanceof Error ? e.message : 'PDF ungültig';
res.status(status).json({ success: false, error: message });
}
}
Reference in New Issue View Git Blame Copy Permalink