🔒️(frontend) enhance notification data decoding with improved validation

Strengthen the decodeNotificationDataReceived function with additional validation
so that malicious input is handled properly. This keeps the application secure when
processing potentially dangerous notification data from untrusted sources.
This commit is contained in:
lebaudantoine
2025-03-03 23:48:05 +01:00
committed by aleb_the_flash
parent 38c3776556
commit 49163eba67
3 changed files with 25 additions and 9 deletions


@@ -69,11 +69,11 @@ export const MainNotificationToast = () => {
payload: Uint8Array, payload: Uint8Array,
participant?: RemoteParticipant participant?: RemoteParticipant
) => { ) => {
const { type, data } = decodeNotificationDataReceived(payload) const notification = decodeNotificationDataReceived(payload)
if (!participant) return if (!participant || !notification) return
switch (type) { switch (notification.type) {
case NotificationType.ParticipantMuted: case NotificationType.ParticipantMuted:
toastQueue.add( toastQueue.add(
{ {
@@ -84,7 +84,8 @@ export const MainNotificationToast = () => {
) )
break break
case NotificationType.ReactionReceived: case NotificationType.ReactionReceived:
if (data?.emoji) handleEmoji(data.emoji, participant) if (notification.data?.emoji)
handleEmoji(notification.data.emoji, participant)
break break
default: default:
return return
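Review bot: `notification.data.emoji` is handed to handleEmoji after only a truthiness check, and because decodeNotificationDataReceived casts the parsed JSON instead of validating it, `emoji` here can be any non-falsy JSON value (an object, array or number) on a crafted payload. If handleEmoji expects a string — not visible in this hunk — narrow at the call site: `if (typeof notification.data?.emoji === 'string')`. The data handler this hunk belongs to starts before and ends after the hunk.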


@@ -30,7 +30,22 @@ export const closeLowerHandToasts = () => {
export const decodeNotificationDataReceived = ( export const decodeNotificationDataReceived = (
payload: Uint8Array payload: Uint8Array
): NotificationPayload => { ): NotificationPayload | undefined => {
const decoder = new TextDecoder() if (!payload || !(payload instanceof Uint8Array)) {
return JSON.parse(decoder.decode(payload)) throw new Error('Invalid payload: expected Uint8Array')
}
try {
const decoder = new TextDecoder()
const jsonString = decoder.decode(payload)
if (!jsonString || typeof jsonString !== 'string') {
throw new Error('Invalid decoded content')
}
// Parse with additional validation if needed
const parsed = JSON.parse(jsonString)
return parsed as NotificationPayload
} catch (error) {
// Handle errors appropriately for your application
console.error('Failed to decode notification payload:', error)
return
}
} }
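Review bot: The new body still does not validate the parsed value — `return parsed as NotificationPayload` right after `JSON.parse` is a compile-time cast, so a payload such as `null`, `42`, `[]` or `{"type":"x"}` passes straight through to the callers in MainNotificationToast and useWaitingParticipants, which then read `.type` and `.data.emoji` from it (`notification.type` on a parsed `null` throws inside the handler, outside this catch). A runtime guard against the `NotificationType` values the callers switch on should replace the cast, as sketched below; the `typeof jsonString !== 'string'` test is always false since `TextDecoder.decode` returns a string and can be dropped. The `instanceof Uint8Array` check before the `try` throws rather than returning `undefined`, which is inconsistent with the contract the catch path establishes — if callers are meant to treat bad input as "no notification", move that check inside the `try`. Whether `data.emoji` must be a string is not visible here; if it must, add `typeof data.emoji === 'string'` to the guard.
```typescript
// Runtime shape check for untrusted JSON. Assumes NotificationType is a string
// enum or const object (Object.values of a numeric enum would also yield the
// reverse-mapping names) — confirm against its declaration.
const isNotificationPayload = (value: unknown): value is NotificationPayload => {
  if (typeof value !== 'object' || value === null) return false
  const { type, data } = value as { type?: unknown; data?: unknown }
  if (!(Object.values(NotificationType) as unknown[]).includes(type)) return false
  return data === undefined || (typeof data === 'object' && data !== null)
}

// … unchanged: payload guard, TextDecoder, jsonString check …
    const parsed: unknown = JSON.parse(jsonString)
    if (!isNotificationPayload(parsed)) {
      throw new Error('Invalid notification payload shape')
    }
    return parsed
// … unchanged: catch block …
```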


@@ -23,8 +23,8 @@ export const useWaitingParticipants = () => {
const isAdminOrOwner = useIsAdminOrOwner() const isAdminOrOwner = useIsAdminOrOwner()
const handleDataReceived = useCallback((payload: Uint8Array) => { const handleDataReceived = useCallback((payload: Uint8Array) => {
const { type } = decodeNotificationDataReceived(payload) const notification = decodeNotificationDataReceived(payload)
if (type === NotificationType.ParticipantWaiting) { if (notification?.type === NotificationType.ParticipantWaiting) {
setListEnabled(true) setListEnabled(true)
} }
}, []) }, [])