ampproject / error-tracker

AMP Project's error logging server


Possible bug or spec?

ppashakhanloo opened this issue · comments

Hi there,

I was reading the source code of this repository for a project of mine and came across this line of code: routes/error-tracker.js#L102
If you follow where the value of req.body flows in the code, you can see that it ends in a call to deleter() in utils/cache.js. So my question is this: which function is responsible for sanitizing req? It can be potentially exploited (or just result in an undesired behavior). I could not find information about it in the repository so I apologize if I misread or overlooked something.

Thanks

Hi @ppashakhanloo: Sanitization happens in

```js
function extractReportingParams(params) {
```

and

```js
if (!referrer || !version || !message) {
  return res.sendStatus(statusCodes.BAD_REQUEST);
}
// Accept but ignore requests that get throttled.
if (
  version.includes('internalRuntimeVersion') ||
  Math.random() > logTarget.throttleRate
) {
  return res.sendStatus(statusCodes.OK);
}
const rtvs = await latestRtv();
// Drop requests from RTVs that are no longer being served.
if (rtvs.length > 0 && !rtvs.includes(version)) {
  return res.sendStatus(statusCodes.GONE);
}
```

The deleter call itself shouldn't matter for the param body, it will only delete cache entries that we generate to ensure the cache doesn't grow unbounded.