fix: Add input validation for monitor ID in badge endpoints (#6789)

Angel98518
2026-01-23 00:39:40 +08:00
committed by GitHub
parent 2ac28758f7
commit 3ebd0ae2a2


@@ -164,6 +164,9 @@ router.get("/api/badge/:id/status", cache("5 minutes"), async (request, response
try {
const requestedMonitorId = parseInt(request.params.id, 10);
if (Number.isNaN(requestedMonitorId)) {
throw new Error("Invalid monitor ID");
}
const overrideValue = value !== undefined ? parseInt(value) : undefined;
let publicMonitor = await R.getRow(
@@ -242,6 +245,9 @@ router.get("/api/badge/:id/uptime/:duration?", cache("5 minutes"), async (reques
try {
const requestedMonitorId = parseInt(request.params.id, 10);
if (Number.isNaN(requestedMonitorId)) {
throw new Error("Invalid monitor ID");
}
// if no duration is given, set value to 24 (h)
let requestedDuration = request.params.duration !== undefined ? request.params.duration : "24h";
const overrideValue = value && parseFloat(value);
@@ -312,6 +318,9 @@ router.get("/api/badge/:id/ping/:duration?", cache("5 minutes"), async (request,
try {
const requestedMonitorId = parseInt(request.params.id, 10);
if (Number.isNaN(requestedMonitorId)) {
throw new Error("Invalid monitor ID");
}
// Default duration is 24 (h) if not defined in queryParam, limited to 720h (30d)
let requestedDuration = request.params.duration !== undefined ? request.params.duration : "24h";
@@ -374,6 +383,9 @@ router.get("/api/badge/:id/avg-response/:duration?", cache("5 minutes"), async (
try {
const requestedMonitorId = parseInt(request.params.id, 10);
if (Number.isNaN(requestedMonitorId)) {
throw new Error("Invalid monitor ID");
}
// Default duration is 24 (h) if not defined in queryParam, limited to 720h (30d)
const requestedDuration = Math.min(request.params.duration ? parseInt(request.params.duration, 10) : 24, 720);
@@ -450,6 +462,9 @@ router.get("/api/badge/:id/cert-exp", cache("5 minutes"), async (request, respon
try {
const requestedMonitorId = parseInt(request.params.id, 10);
if (Number.isNaN(requestedMonitorId)) {
throw new Error("Invalid monitor ID");
}
const overrideValue = value && parseFloat(value);
@@ -534,6 +549,9 @@ router.get("/api/badge/:id/response", cache("5 minutes"), async (request, respon
try {
const requestedMonitorId = parseInt(request.params.id, 10);
if (Number.isNaN(requestedMonitorId)) {
throw new Error("Invalid monitor ID");
}
const overrideValue = value && parseFloat(value);
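Review bot: The new `Number.isNaN(requestedMonitorId)` check only rejects ids that have no leading digits, because `parseInt` stops at the first non-numeric character: `12abc`, `12.9` and `1e5` all pass (as 12, 12 and 1), and so does `-5`. One monitor is therefore reachable under many URL spellings, each presumably cached separately by `cache("5 minutes")`. If only a plain positive integer should reach the query, validate the raw string before parsing, e.g. `if (!/^[1-9]\d*$/.test(request.params.id)) { throw new Error("Invalid monitor ID"); }`, or at least extend the condition with `|| requestedMonitorId <= 0`. The same three lines are repeated in all six badge handlers (status, uptime, ping, avg-response, cert-exp, response), so a small shared helper (say `parseMonitorId(request.params.id)`, a suggested name rather than an existing function) would keep them in step. Each handler's `try` body and `catch` lie outside the hunks, so how the thrown error becomes a response cannot be checked from here.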