Merge pull request #194 from yogeshojha/fix/xss

Fix for XSS issue in #178
yogeshojha · Aug 1, 2020 · 78819fb · 78819fb
2 parents ff016d7 + f26e074
commit 78819fb
Show file tree

Hide file tree

Showing 5 changed files with 54 additions and 2 deletions.
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -1,5 +1,5 @@
 # Security Policy
-When I started out **rengine**, I had very little or no knowledge on Django. So I believe there could be many security vulnerabilities. 
+When I started out **rengine**, I had very little or no knowledge on Django. So I believe there could be many security vulnerabilities.
 Please report the security vulnerabilities via Issues Section or email yogesh.ojha11@(gmail).com
 
 The community will be thankful to your contributions. :star:
@@ -9,3 +9,5 @@ The community will be thankful to your contributions. :star:
 Please report all security issues [here](https://github.com/yogeshojha/rengine/issues) or email yogesh.ojha11@(gmail).com
 
 ## Past Security Vulnerabilities
+
+* Reflected XSS on Detail Scan Page via Page Title Parameter, Reported by [omemishra](https://github.com/omemishra)
diff --git a/README.md b/README.md
@@ -39,6 +39,7 @@
   * [Generate SSL Certificate](#generate-certificates)
   * [Building reNgine](#build-rengine)
   * [Register Account](#register-account)
+  * [Update reNgine](#how-to-update)
 * [Usage](#usage)
 * [Contributing](#contributing)
 * [License](#license)
@@ -180,6 +181,25 @@ make username
 
 You may now enter your username and password. Remember to keep a secure password.
 
+#### How to update
+
+We may add new features and fixes regularly. To get the latest version of reNgine up and running, you need to follow the following steps:
+
+* Get the latest changes
+Assuming that you are inside reNgine directory:
+
+```shell
+git pull
+```
+
+* Build the latest changes
+
+```shell
+make build
+```
+
+That is all, you can then run `make up` to run the latest version of reNgine.
+
 ## Contributing
 
 Contributions are what make the open-source community such an amazing place to learn, inspire, and create. Any contributions you make are **greatly appreciated**. Your contributions could be as simple as fixing the indentations or fixing UI to as complex as bringing new modules and features.

diff --git a/reNgine/settings.py b/reNgine/settings.py
@@ -13,7 +13,7 @@
 
 SECRET_KEY = first_run(SECRET_FILE, BASE_DIR)
 
-DEBUG = int(os.environ.get('DEBUG', default=1))
+DEBUG = int(os.environ.get('DEBUG', default=0))
 
 ALLOWED_HOSTS = ['*']
 

diff --git a/startScan/templates/startScan/detail_scan.html b/startScan/templates/startScan/detail_scan.html
@@ -159,6 +159,7 @@ <h5 class="text-info">Endpoints</h5>
 <script src="{% static 'plugins/sweetalerts/custom-sweetalert.js' %}"></script>
 <script src="{% static 'plugins/lightbox/js/lightbox.js' %}"></script>
 <script src="{% static 'assets/js/dashboard/dash_1.js' %}"></script>
+<script src="{% static 'custom/custom.js' %}"></script>
 <script src="//cdn.datatables.net/1.10.16/js/dataTables.bootstrap4.min.js"></script>
 
 <script type="text/javascript">
@@ -263,6 +264,17 @@ <h5 class="text-info">Endpoints</h5>
                 },
                 "targets": 3,
             },
+            {
+                "render": function ( data, type, row ) {
+                    if (data){
+                        return htmlEncode(data);
+                    }
+                    else{
+                        return "";
+                    }
+                },
+                "targets": 5
+            },
             {
                 "render": function ( data, type, row ) {
                     if (data){
@@ -385,6 +397,17 @@ <h5 class="text-info">Endpoints</h5>
                 },
                 "targets": 1
             },
+            {
+                "render": function ( data, type, row ) {
+                    if (data){
+                        return htmlEncode(data);
+                    }
+                    else{
+                        return "";
+                    }
+                },
+                "targets": 3
+            },
         ],
         drawCallback: function () {
             $('.t-dot').tooltip({ template: '<div class="tooltip status" role="tooltip"><div class="arrow"></div><div class="tooltip-inner"></div></div>' })

diff --git a/static/custom/custom.js b/static/custom/custom.js
@@ -20,3 +20,10 @@ function getCookie(name) {
     }
     return cookieValue;
 }
+
+// Source: https://portswigger.net/web-security/cross-site-scripting/preventing#encode-data-on-output
+function htmlEncode(str){
+  return String(str).replace(/[^\w. ]/gi, function(c){
+     return '&#'+c.charCodeAt(0)+';';
+  });
+}