Commit

chg: [website] Backend does not validate JSON vuln data sent from an admin.
cedricbonhomme committed Jul 15, 2024
1 parent 73bb5b0 commit aa4a5c0
Showing 1 changed file with 6 additions and 5 deletions.
11 changes: 6 additions & 5 deletions website/web/api/v1/base.py
Expand Up @@ -94,11 +94,12 @@ def post(self) -> Tuple[Dict[Any, Any], int]:

# Validate the JSON payload
vuln = default_ns.payload
try:
validate_json(vuln)
except Exception:
logger.warning("JSON validation failed.")
abort(400, "JSON validation failed.")
if not current_user.is_admin:
try:
validate_json(vuln)
except Exception:
logger.warning("JSON validation failed.")
abort(400, "JSON validation failed.")

vuln_id = vuln["cveMetadata"]["vulnId"].lower()
cve_id = vuln["cveMetadata"]["cveId"].lower() or None
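
Review bot: With validation now skipped under `if not current_user.is_admin:`, an admin payload reaches `vuln["cveMetadata"]["vulnId"].lower()` and `vuln["cveMetadata"]["cveId"].lower() or None` with no structural check at all, and nothing in this hunk guards those lookups. A payload missing `cveMetadata`, or carrying a non-string `vulnId` or `cveId`, would raise at those lines instead of producing the 400 that the validated path returns. Consider keeping a minimal check for admins that these keys exist and are strings, or running `validate_json(vuln)` for everyone and only downgrading a failure to a warning when the user is an admin. The bypass is also silent: a log line recording that validation was skipped and for which user would make it auditable. The commit message says what changes but not why admin data is exempt; a sentence on that would help later readers.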