diff --git a/CyberCP/secMiddleware.py b/CyberCP/secMiddleware.py
index 615620a56..ca840270a 100644
--- a/CyberCP/secMiddleware.py
+++ b/CyberCP/secMiddleware.py
@@ -192,9 +192,13 @@ class secMiddleware:
 pathActual.find('/api/') > -1 or pathActual.find('aiscanner/scheduled-scans') > -1)
 if isAPIEndpoint:
+ # Skip validation for fields that contain legitimate code/scripts
+ if key == 'content' or key == 'fileContent' or key == 'configData' or key == 'rewriteRules' or key == 'modSecRules' or key == 'contentNow' or key == 'emailMessage':
+ continue
+ # For API endpoints, still check for the most dangerous command injection characters
- if isinstance(value, (str, bytes)) and (value.find('- -') > -1 or value.find('\n') > -1 or value.find(';') > -1 or
- value.find('&&') > -1 or value.find('||') > -1 or value.find('|') > -1 or
+ if isinstance(value, (str, bytes)) and (value.find('- -') > -1 or value.find('\n') > -1 or value.find(';') > -1 or
+ value.find('&&') > -1 or value.find('||') > -1 or value.find('|') > -1 or
 value.find('...') > -1 or value.find("`") > -1 or value.find("$") > -1 or value.find('../') > -1 or value.find('../../') > -1):
 logging.writeToFile(request.body)
@@ -212,7 +216,7 @@ class secMiddleware:
 or key == 'emailMessage' or key == 'configData' or key == 'rewriteRules' \
 or key == 'modSecRules' or key == 'recordContentTXT' or key == 'SecAuditLogRelevantStatus' \
 or key == 'fileContent' or key == 'commands' or key == 'gitHost' or key == 'ipv6' or key == 'contentNow' \
- or key == 'time_of_day' or key == 'notification_emails' or key == 'domains':
+ or key == 'time_of_day' or key == 'notification_emails' or key == 'domains' or key == 'content':
 continue
 # Skip validation for API endpoints that need JSON structure characters
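Review bot: The added `if key == 'content' or ... or key == 'emailMessage': continue` inside the `isAPIEndpoint` block exempts a value from the API command-injection check by parameter name alone, so the filter no longer applies to any API request that carries a value under one of these seven names, whatever endpoint receives it; the `'content'` added to the general skip list in the `@@ -212,7 +216,7 @@` hunk widens the same exemption to the non-API path. If these names are only legitimate for particular handlers, the skip should be scoped to those paths (the `isAPIEndpoint` block already derives from `pathActual`), and in any case the views that consume these fields now carry the whole validation burden, which the skip should state, e.g. `# these keys are passed through unfiltered; the receiving view must validate them itself`. The seven names also duplicate entries already present in the second hunk's list, so a module-level `frozenset` shared by both checks, used as `if key in RAW_CONTENT_KEYS: continue`, would stop the two lists drifting apart and replace the long `or` chains. The enclosing method starts and ends outside both hunks, so I cannot see whether anything later re-inspects these keys.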