fix(core): Prevent bots from scanning the application (no-changelog) (#7066)

N8N-6878
कारतोफ्फेलस्क्रिप्ट™ 2023-09-01 13:54:35 +02:00 committed by GitHub
parent a693b29134
commit 2432dcc661
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 22 additions and 6 deletions


@ -142,6 +142,7 @@
"infisical-node": "^1.3.0",
"inquirer": "^7.0.1",
"ioredis": "^5.2.4",
"isbot": "^3.6.13",
"json-diff": "^1.0.6",
"jsonschema": "^1.4.1",
"jsonwebtoken": "^9.0.0",


@ -3,6 +3,9 @@ import { readFile } from 'fs/promises';
import type { Server } from 'http';
import express from 'express';
import compression from 'compression';
import isbot from 'isbot';
import { jsonParse, LoggerProxy as Logger } from 'n8n-workflow';
import config from '@/config';
import { N8N_VERSION, inDevelopment, inTest } from '@/constants';
import { ActiveWorkflowRunner } from '@/ActiveWorkflowRunner';
@ -16,7 +19,6 @@ import { TestWebhooks } from '@/TestWebhooks';
import { WaitingWebhooks } from '@/WaitingWebhooks';
import { webhookRequestHandler } from '@/WebhookHelpers';
import { RedisService } from '@/services/redis.service';
import { jsonParse } from 'n8n-workflow';
import { eventBus } from './eventbus';
import type { AbstractEventMessageOptions } from './eventbus/EventMessageClasses/AbstractEventMessageOptions';
import { getEventMessageObjectByType } from './eventbus/EventMessageClasses/Helpers';
@ -270,6 +272,16 @@ export abstract class AbstractServer {
);
}
// Block bots from scanning the application
const checkIfBot = isbot.spawn(['bot']);
this.app.use((req, res, next) => {
const userAgent = req.headers['user-agent'];
if (!userAgent || checkIfBot(userAgent)) {
Logger.info(`Blocked ${req.method} ${req.url} for "${userAgent}"`);
res.status(204).end();
} else next();
});
if (inDevelopment) {
this.setupDevMiddlewares();
}
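Review bot: The new `this.app.use(...)` filter answers 204 to every request whose User-Agent is missing or matches `bot`, and it is registered on the whole app, so it appears to cover webhook and API routes as well as the UI (the enclosing method starts and ends outside this hunk, so the route order should be confirmed). Server-to-server webhook senders and monitoring probes often send no User-Agent or one that contains "bot", and they would be dropped silently with a success-looking status. User-Agent is client-controlled, so this is noise reduction rather than an access control, and a comment such as `// Noise reduction only: User-Agent is client-supplied; auth must not rely on this` would keep later readers from treating it as a boundary. The log line also writes `req.url` and the raw header at info level for every blocked request; consider `Logger.debug` and `JSON.stringify(userAgent)` so that control characters in the header cannot forge log lines and scan traffic does not flood the log.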


@ -828,7 +828,7 @@
"iconv-lite": "^0.6.2",
"ics": "^2.27.0",
"imap-simple": "^4.3.0",
"isbot": "^3.3.4",
"isbot": "^3.6.13",
"iso-639-1": "^2.1.3",
"js-nacl": "^1.4.0",
"jsonwebtoken": "^9.0.0",


@ -317,6 +317,9 @@ importers:
ioredis:
specifier: ^5.2.4
version: 5.2.4
isbot:
specifier: ^3.6.13
version: 3.6.13
json-diff:
specifier: ^1.0.6
version: 1.0.6
@ -1061,8 +1064,8 @@ importers:
specifier: ^4.3.0
version: 4.3.0
isbot:
specifier: ^3.3.4
version: 3.6.1
specifier: ^3.6.13
version: 3.6.13
iso-639-1:
specifier: ^2.1.3
version: 2.1.15
@ -14366,8 +14369,8 @@ packages:
/isarray@2.0.5:
resolution: {integrity: sha512-xHjhDr3cNBK0BzdUJSPXZntQUx/mwMS5Rw4A7lPJ90XGAO6ISP/ePDNuo0vhqOZU+UD5JoodwCAAoZQd3FeAKw==}
/isbot@3.6.1:
resolution: {integrity: sha512-e1RmjWns87x60QyiHberWWMJGutL3+Ad0nZ8cz735iDEDDS6ApPfKSFo4EMj0PmMZ0m0ntpWIM0ADdqDFvUJPQ==}
/isbot@3.6.13:
resolution: {integrity: sha512-uoP4uK5Dc2CrabmK+Gue1jTL+scHiCc1c9rblRpJwG8CPxjLIv8jmGyyGRGkbPOweayhkskdZsEQXG6p+QCQrg==}
engines: {node: '>=12'}
dev: false