Sanitize personal tokens from custom background imagery

(closes #6801)
This commit is contained in:
Bryan Housel
2020-03-14 10:30:46 -04:00
parent 94c9697ee4
commit 47aaec0db6
2 changed files with 47 additions and 2 deletions


@@ -3,7 +3,7 @@ import { json as d3_json } from 'd3-fetch';
import { t } from '../util/locale';
import { geoExtent, geoSphericalDistance } from '../geo';
import { utilDetect } from '../util/detect';
import { utilDetect, utilQsString, utilStringQs } from '../util';
function localeDateString(s) {
@@ -540,7 +540,26 @@ rendererBackgroundSource.Custom = function(template) {
source.imageryUsed = function() {
return 'Custom (' + source.template() + ' )';
// sanitize personal connection tokens - #6801
var cleaned = source.template();
// from query string parameters
if (cleaned.indexOf('?') !== -1) {
var parts = cleaned.split('?', 2);
var qs = utilStringQs(parts[1]);
['access_token', 'connectId', 'token'].forEach(function(param) {
if (qs[param]) {
qs[param] = '{apikey}';
}
});
cleaned = parts[0] + '?' + utilQsString(qs, true); // true = soft encode
}
// from wms/wmts api path parameters
cleaned = cleaned.replace(/token\/(\w+)/, 'token/{apikey}');
return 'Custom (' + cleaned + ' )';
};
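Review bot: The path-parameter sanitizer on `cleaned.replace(/token\/(\w+)/, 'token/{apikey}')` only consumes `\w` characters, so a path token containing `-`, `.` or `~` is masked only up to the first such character and the remainder still appears in the imagery_used string; it is also case-sensitive and, without the `g` flag, rewrites only the first occurrence. Matching the whole path segment and all occurrences closes both gaps: `cleaned = cleaned.replace(/token\/([^/]+)/gi, 'token/{apikey}');`. The query-string branch has the same case-sensitivity limit, since `qs[param]` is looked up with the three literal names only; a comment such as `// matches are case-sensitive; parameter names are compared verbatim` would at least make that explicit. The enclosing `rendererBackgroundSource.Custom` function starts outside the hunk.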


@@ -70,3 +70,29 @@ describe('iD.rendererBackgroundSource', function() {
expect(source.validZoom(17)).to.be.false;
});
});
describe('iD.rendererBackgroundSource.Custom', function() {
describe('#imageryUsed', function() {
it('returns an imagery_used string', function() {
var source = iD.rendererBackgroundSource.Custom('http://example.com');
expect(source.imageryUsed()).to.eql('Custom (http://example.com )'); // note ' )' space
});
it('sanitizes `access_token`', function() {
var source = iD.rendererBackgroundSource.Custom('http://example.com?access_token=MYTOKEN');
expect(source.imageryUsed()).to.eql('Custom (http://example.com?access_token={apikey} )');
});
it('sanitizes `connectId`', function() {
var source = iD.rendererBackgroundSource.Custom('http://example.com?connectId=MYTOKEN');
expect(source.imageryUsed()).to.eql('Custom (http://example.com?connectId={apikey} )');
});
it('sanitizes `token`', function() {
var source = iD.rendererBackgroundSource.Custom('http://example.com?token=MYTOKEN');
expect(source.imageryUsed()).to.eql('Custom (http://example.com?token={apikey} )');
});
it('sanitizes wms path `token`', function() {
var source = iD.rendererBackgroundSource.Custom('http://example.com/wms/v1/token/MYTOKEN/1.0.0/layer');
expect(source.imageryUsed()).to.eql('Custom (http://example.com/wms/v1/token/{apikey}/1.0.0/layer )');
});
});
});
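Review bot: The new `#imageryUsed` cases only use tokens made of word characters (`MYTOKEN`), so none of them would catch a path token that contains `-` or `.`, which the `\w+` pattern in the source hunk stops short of. A case along the lines of `iD.rendererBackgroundSource.Custom('http://example.com/wms/v1/token/MY-TOKEN.1/1.0.0/layer')` asserting that the whole segment becomes `{apikey}` would pin that behavior, and a template with an uppercase `TOKEN=` query parameter would document whether case-insensitive matching is intended.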