Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: fix some crashes caused by improper JSON validation #48

Merged
merged 2 commits into from
Nov 28, 2024
Merged

fix: fix some crashes caused by improper JSON validation #48

merged 2 commits into from
Nov 28, 2024

Conversation

Flechaa
Copy link
Contributor

@Flechaa Flechaa commented Nov 27, 2024

This PR fixes two issues:

  • JSON messages sent after the device welcome message could have errors and they are not caught:

    Rotom/packages/connections/src/lib/deviceControlConnection.ts

    Lines 78 to 120 in e5074b4

    received(message: string) {
    this.log.debug(`${this.deviceId}: <MITMC ${message}`);
    this.dateLastMessageReceived = Date.now();
    this.dateLastMessageSent = Date.now();
    if (this.init) {
    try {
    const id = JSON.parse(message);
    this.deviceId = id.deviceId;
    this.version = id.version;
    this.origin = id.origin;
    this.publicIp = id.publicIp;
    this.noMessagesSent = 0;
    this.noMessagesReceived = 0;
    this.responses = {};
    } catch (e) {
    this.log.error(`Device /control - error decoding welcome message, disconnecting`);
    this.ws.close();
    return;
    }
    this.emit('init', this, message);
    this.init = false;
    } else {
    const response = JSON.parse(message.toString());
    const promise = this.responses[response.id];
    if (promise) {
    delete this.responses[response.id];
    if (response.status == 200) {
    this.log.debug(`${this.deviceId}: <MITMC Received job response message ${message.toString()}`);
    promise.resolve(response.body);
    } else {
    this.log.warn(`${this.deviceId}: <MITMC Received rejection message ${message.toString()}`);
    promise.reject(`Status ${response.status} ${response.body?.errorReason ?? ''}`);
    }
    } else {
    this.log.warn(`${this.deviceId}: <MITMC Unrecognized response ${message.toString()}`);
    }
    }
    }

    Crash example:
const WebSocket = require("ws");

const ws = new WebSocket("ws://localhost:7070/control", {
    headers: {
        "x-rotom-secret": ""
    }
});

ws.on("open", () => {
    ws.send("{}");
    ws.send("");
});
const WebSocket = require("ws");

const ws = new WebSocket("ws://localhost:7070/control", {
    headers: {
        "x-rotom-secret": ""
    }
});

ws.on("open", () => {
    ws.send("{}");
});

ws.on("message", (message) => {
    console.log(message.toString());
    const req = JSON.parse(message);
    ws.send(JSON.stringify({ id: req.id, status: 200 }));
});

@jfberry
Copy link
Contributor

jfberry commented Nov 27, 2024

Thanks for this - it's always good to harden!
It looks good to me, but I will defer to @na-ji on typescript style issues :-)

@Fabio1988 Fabio1988 requested a review from na-ji November 27, 2024 09:47
@na-ji
Copy link
Contributor

na-ji commented Nov 28, 2024

Thanks!

@na-ji na-ji changed the title Fix some crashes caused by improper JSON validation fix: fix some crashes caused by improper JSON validation Nov 28, 2024
@na-ji na-ji merged commit d6a2c0c into UnownHash:main Nov 28, 2024
5 checks passed
@Flechaa Flechaa deleted the fix-crashes branch November 29, 2024 00:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@na-ji na-ji na-ji approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Flechaa @jfberry @na-ji