From 2432dcc6612aa203c1db9820c5b4783fadd10f26 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E0=A4=95=E0=A4=BE=E0=A4=B0=E0=A4=A4=E0=A5=8B=E0=A4=AB?= =?UTF-8?q?=E0=A5=8D=E0=A4=AB=E0=A5=87=E0=A4=B2=E0=A4=B8=E0=A5=8D=E0=A4=95?= =?UTF-8?q?=E0=A5=8D=E0=A4=B0=E0=A4=BF=E0=A4=AA=E0=A5=8D=E0=A4=9F=E2=84=A2?=
Date: Fri, 1 Sep 2023 13:54:35 +0200
Subject: [PATCH] fix(core): Prevent bots from scanning the application (no-changelog) (#7066)

N8N-6878
---
 packages/cli/package.json | 1 +
 packages/cli/src/AbstractServer.ts | 14 +++++++++++++-
 packages/nodes-base/package.json | 2 +-
 pnpm-lock.yaml | 11 +++++++----
 4 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/packages/cli/package.json b/packages/cli/package.json
index c5f0136cc9..2abed7f6ab 100644
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@@ -142,6 +142,7 @@
 "infisical-node": "^1.3.0",
 "inquirer": "^7.0.1",
 "ioredis": "^5.2.4",
+ "isbot": "^3.6.13",
 "json-diff": "^1.0.6",
 "jsonschema": "^1.4.1",
 "jsonwebtoken": "^9.0.0",
diff --git a/packages/cli/src/AbstractServer.ts b/packages/cli/src/AbstractServer.ts
index a865a4f80e..fa321a6724 100644
--- a/packages/cli/src/AbstractServer.ts
+++ b/packages/cli/src/AbstractServer.ts
@@ -3,6 +3,9 @@ import { readFile } from 'fs/promises';
 import type { Server } from 'http';
 import express from 'express';
 import compression from 'compression';
+import isbot from 'isbot';
+import { jsonParse, LoggerProxy as Logger } from 'n8n-workflow';
+
 import config from '@/config';
 import { N8N_VERSION, inDevelopment, inTest } from '@/constants';
 import { ActiveWorkflowRunner } from '@/ActiveWorkflowRunner';
@@ -16,7 +19,6 @@ import { TestWebhooks } from '@/TestWebhooks';
 import { WaitingWebhooks } from '@/WaitingWebhooks';
 import { webhookRequestHandler } from '@/WebhookHelpers';
 import { RedisService } from '@/services/redis.service';
-import { jsonParse } from 'n8n-workflow';
 import { eventBus } from './eventbus';
 import type { AbstractEventMessageOptions } from './eventbus/EventMessageClasses/AbstractEventMessageOptions';
 import { getEventMessageObjectByType } from './eventbus/EventMessageClasses/Helpers';
@@ -270,6 +272,16 @@ export abstract class AbstractServer {
 );
 }
+ // Block bots from scanning the application
+ const checkIfBot = isbot.spawn(['bot']);
+ this.app.use((req, res, next) => {
+ const userAgent = req.headers['user-agent'];
+ if (!userAgent || checkIfBot(userAgent)) {
+ Logger.info(`Blocked ${req.method} ${req.url} for "${userAgent}"`);
+ res.status(204).end();
+ } else next();
+ });
+
 if (inDevelopment) {
 this.setupDevMiddlewares();
 }
diff --git a/packages/nodes-base/package.json b/packages/nodes-base/package.json
index 766e1ac342..08db8673c1 100644
--- a/packages/nodes-base/package.json
+++ b/packages/nodes-base/package.json
@@ -828,7 +828,7 @@
 "iconv-lite": "^0.6.2",
 "ics": "^2.27.0",
 "imap-simple": "^4.3.0",
- "isbot": "^3.3.4",
+ "isbot": "^3.6.13",
 "iso-639-1": "^2.1.3",
 "js-nacl": "^1.4.0",
 "jsonwebtoken": "^9.0.0",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index b6434b976e..d9d6a9e029 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -317,6 +317,9 @@ importers: ioredis: specifier: ^5.2.4 version: 5.2.4 + isbot: + specifier: ^3.6.13 + version: 3.6.13 json-diff: specifier: ^1.0.6 version: 1.0.6
@@ -1061,8 +1064,8 @@ importers: specifier: ^4.3.0 version: 4.3.0 isbot: - specifier: ^3.3.4 - version: 3.6.1 + specifier: ^3.6.13 + version: 3.6.13 iso-639-1: specifier: ^2.1.3 version: 2.1.15
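Review bot: The middleware in the `@@ -270` hunk is mounted on `this.app` unconditionally, and `checkIfBot` is spawned with the single pattern `'bot'`, so (as far as the isbot API goes) any request whose User-Agent contains that substring or that carries no User-Agent at all gets an empty 204; if the webhook routes share this app, which the webhookRequestHandler/TestWebhooks imports in the previous hunk suggest, deliveries from services that identify as "…bot" or from UA-less scripts would be dropped while the caller sees a success status. Scope the check to the paths being protected, e.g. `if (!req.path.startsWith(webhookPrefix) && (!userAgent || checkIfBot(userAgent))) {` with the prefix taken from the server's configured webhook endpoint, or register this handler after the webhook routes. `req.url` and `userAgent` are attacker-controlled and are interpolated into the log line raw, so control characters or ANSI escapes in the header can garble log viewers; wrap them as `JSON.stringify(userAgent)` and `JSON.stringify(req.url)` before logging. Any scanner can send a browser User-Agent, so the comment should state the intent honestly, e.g. `// Best-effort noise reduction: drop self-identified crawlers and UA-less clients; not an access control`. The enclosing method begins and ends outside the hunk.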
@@ -14366,8 +14369,8 @@ packages: /isarray@2.0.5: resolution: {integrity: sha512-xHjhDr3cNBK0BzdUJSPXZntQUx/mwMS5Rw4A7lPJ90XGAO6ISP/ePDNuo0vhqOZU+UD5JoodwCAAoZQd3FeAKw==} - /isbot@3.6.1: - resolution: {integrity: sha512-e1RmjWns87x60QyiHberWWMJGutL3+Ad0nZ8cz735iDEDDS6ApPfKSFo4EMj0PmMZ0m0ntpWIM0ADdqDFvUJPQ==} + /isbot@3.6.13: + resolution: {integrity: sha512-uoP4uK5Dc2CrabmK+Gue1jTL+scHiCc1c9rblRpJwG8CPxjLIv8jmGyyGRGkbPOweayhkskdZsEQXG6p+QCQrg==} engines: {node: '>=12'} dev: false