1/*
2* Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
3* SPDX-License-Identifier: MIT
4*/
5
6import challengeUtils = require('../lib/challengeUtils')
7import { type Request, type Response, type NextFunction } from 'express'
8import { type Review } from '../data/types'
9import * as db from '../data/mongodb'
10import { challenges } from '../data/datacache'
11
12const security = require('../lib/insecurity')
13
/**
 * Handler factory for "like a product review".
 *
 * The returned Express handler reads the review id from the request body,
 * resolves the calling user via security.authenticatedUsers.from(req) and,
 * unless that user's email is already in the review's likedBy array,
 * increments likesCount, waits 150 ms, re-reads the review and appends the
 * user's email to likedBy with a $set.
 *
 * Security-relevant observations on the code as written:
 *  - req.body.id is placed into the query filter unchanged ({ _id: id }), so
 *    the filter's shape is controlled by the request body; nothing in this
 *    block checks that it is a plain string id.
 *  - The "already liked" check and the likedBy write are separate round trips
 *    with a deliberate 150 ms gap. Concurrent requests can each pass the
 *    includes() check before any write lands; the later count of the user's
 *    email in likedBy (count > 2) is what timingAttackChallenge keys on, so
 *    the race is intentional here and should not be "fixed" in isolation.
 *  - Update failures are returned to the client as-is
 *    (res.status(500).json(err)), which exposes driver error details.
 *  - user.data.email is dereferenced without a null check. If user were
 *    undefined the access throws inside a .then fulfilment callback, which
 *    the rejection handlers below do not catch (they only cover rejection of
 *    the findOne/update promises themselves), so the request would hang.
 *    NOTE(review): presumably an authentication middleware guards this route
 *    — confirm in the router where this handler is mounted.
 *  - next is accepted but never called; errors are not forwarded to Express'
 *    error handling.
 */
module.exports = function productReviews () {
  return (req: Request, res: Response, next: NextFunction) => {
    // Untrusted value straight from the JSON body; no type or shape validation
    const id = req.body.id
    const user = security.authenticatedUsers.from(req)
    db.reviewsCollection.findOne({ _id: id }).then((review: Review) => {
      if (!review) {
        res.status(404).json({ error: 'Not found' })
      } else {
        const likedBy = review.likedBy
        // Check-then-act: this read is not atomic with the writes that follow
        if (!likedBy.includes(user.data.email)) {
          db.reviewsCollection.update(
            { _id: id },
            { $inc: { likesCount: 1 } }
          ).then(
            () => {
              // Artificial wait for timing attack challenge
              setTimeout(function () {
                // Second read of the same document after the delay; likedBy is
                // taken from this fresh copy, not from the one checked above
                db.reviewsCollection.findOne({ _id: id }).then((review: Review) => {
                  const likedBy = review.likedBy
                  likedBy.push(user.data.email)
                  // Count how many entries for this user the array now holds;
                  // more than two means the race above was won repeatedly
                  let count = 0
                  for (let i = 0; i < likedBy.length; i++) {
                    if (likedBy[i] === user.data.email) {
                      count++
                    }
                  }
                  // Presumably marks the challenge solved when the predicate holds
                  challengeUtils.solveIf(challenges.timingAttackChallenge, () => { return count > 2 })
                  // Replaces likedBy wholesale with the re-read array plus the new entry
                  db.reviewsCollection.update(
                    { _id: id },
                    { $set: { likedBy } }
                  ).then(
                    (result: any) => {
                      // Raw driver result is echoed to the client
                      res.json(result)
                    }, (err: unknown) => {
                      // Raw error object is echoed to the client
                      res.status(500).json(err)
                    })
                }, () => {
                  // Only a rejected findOne reaches here, not exceptions
                  // thrown in the fulfilment callback above
                  res.status(400).json({ error: 'Wrong Params' })
                })
              }, 150)
            }, (err: unknown) => {
              // Raw error object is echoed to the client
              res.status(500).json(err)
            })
        } else {
          res.status(403).json({ error: 'Not allowed' })
        }
      }
    }, () => {
      // Only a rejected findOne reaches here; a throw inside the fulfilment
      // callback (e.g. on an undefined user or likedBy) is not handled
      res.status(400).json({ error: 'Wrong Params' })
    })
  }
}
66