mirrors
/
uptime-kuma
mirror of https://github.com/louislam/uptime-kuma.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

1.23.x changes to 2.0 (#5457)

This commit is contained in:
Louis Lam 2024-12-20 15:46:31 +08:00 committed by GitHub
parent c872929b8a 4d16575599
commit ccede11e1c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
server/monitor-types/real-browser-monitor-type.js
View File

@ -240,6 +240,14 @@ class RealBrowserMonitorType extends MonitorType {
const context = await browser.newContext(); const context = await browser.newContext();
const page = await context.newPage(); const page = await context.newPage();
// Prevent Local File Inclusion
// Accept only http:// and https://
// https://github.com/louislam/uptime-kuma/security/advisories/GHSA-2qgm-m29m-cj2h
let url = new URL(monitor.url);
if (url.protocol !== "http:" && url.protocol !== "https:") {
throw new Error("Invalid url protocol, only http and https are allowed.");
}
const res = await page.goto(monitor.url, { const res = await page.goto(monitor.url, {
waitUntil: "networkidle", waitUntil: "networkidle",
timeout: monitor.interval * 1000 * 0.8, timeout: monitor.interval * 1000 * 0.8,