fix: Form value hardening

dogukanoksuz · dogukanoksuz · commit d6f94bc8f274 · 2022-09-15T16:10:53.000+03:00
diff --git a/internal/liman/settings.go b/internal/liman/settings.go
@@ -55,7 +55,7 @@ func GetSettings(user *models.User, server *models.Server, extension *models.Ext
 			continue
 		}
 
-		results[setting.Name] = aes256.Decrypt(setting.Value, decryptionKey)
+		results[setting.Name] = aes256.Decrypt(setting.Value, helpers.Env("APP_KEY", "")+setting.UserID+setting.ServerID)
 	}
 
 	return results, nil
diff --git a/pkg/helpers/form.go b/pkg/helpers/form.go
@@ -18,6 +18,14 @@ func GetFormData(c *fiber.Ctx) map[string]string {
 
 	formValues := make(map[string]string)
 	for key, value := range multipart.Value {
+		if key == "" {
+			continue
+		}
+
+		if strings.Contains(strings.ToLower(key), "password") || strings.Contains(strings.ToLower(key), "token") {
+			continue
+		}
+
 		if len(value) > 0 {
 			formValues[key] = value[0]
 		}

Original file line number	Diff line number	Diff line change
`@@ -55,7 +55,7 @@ func GetSettings(user models.User, server models.Server, extension *models.Ext`
`55`	`55`	`continue`
`56`	`56`	`}`
`57`	`57`
`58`		`- results[setting.Name] = aes256.Decrypt(setting.Value, decryptionKey)`
	`58`	`+ results[setting.Name] = aes256.Decrypt(setting.Value, helpers.Env("APP_KEY", "")+setting.UserID+setting.ServerID)`
`59`	`59`	`}`
`60`	`60`
`61`	`61`	`return results, nil`