From 223cde831f09a49a317bc4e5926cc8a38a6fa3f2 Mon Sep 17 00:00:00 2001
From: Louis Lam <louislam@users.noreply.github.com>
Date: Sat, 18 Jan 2025 23:35:40 +0800
Subject: [PATCH 1/4] Fix push examples cannot be loaded (Docker only) (#5490)
---
.dockerignore | 1 -
1 file changed, 1 deletion(-)
diff --git a/.dockerignore b/.dockerignore
index 5db08b7bf..77470feb1 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -32,7 +32,6 @@ tsconfig.json /extra/healthcheck.exe /extra/healthcheck /extra/exe-builder -/extra/push-examples /extra/uptime-kuma-push # Comment the following line if you want to rebuild the healthcheck binary
From 03beef800652be3508ef641867cde75d7f3c8ee4 Mon Sep 17 00:00:00 2001
From: DayShift <113507098+ShiyuBanzhou@users.noreply.github.com>
Date: Thu, 23 Jan 2025 02:03:38 +0800
Subject: [PATCH 2/4] BugFix:Regular Expression in parseDuration Function (#5563)
Co-authored-by: Frank Elsinga <frank@elsinga.de>
---
server/modules/apicache/apicache.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/modules/apicache/apicache.js b/server/modules/apicache/apicache.js
index 41930b24d..95a04d9e3 100644
--- a/server/modules/apicache/apicache.js
+++ b/server/modules/apicache/apicache.js
@@ -485,7 +485,7 @@ function ApiCache() { } if (typeof duration === "string") { - let split = duration.match(/^([\d\.,]+)\s?(\w+)$/); + let split = duration.match(/^([\d\.,]+)\s?([a-zA-Z]+)$/); if (split.length === 3) { let len = parseFloat(split[1]);
From 7dc6191b0af91edf58b7938876aa862c2a4ac9bb Mon Sep 17 00:00:00 2001
From: Elliot Matson <ematson5897@gmail.com>
Date: Fri, 24 Jan 2025 11:49:29 -0600
Subject: [PATCH 3/4] fix: add notification-fallback for better google chat popups (#5476)
Co-authored-by: Frank Elsinga <frank@elsinga.de>
---
server/notification-providers/google-chat.js | 1 +
1 file changed, 1 insertion(+)
diff --git a/server/notification-providers/google-chat.js b/server/notification-providers/google-chat.js
index 0b72fea95..9e94844d7 100644
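Review bot: In the apicache.js hunk, `duration.match(...)` returns `null` when the string does not match, so the unchanged check `if (split.length === 3)` throws a TypeError instead of letting the function fall through. The narrower unit class `[a-zA-Z]+` widens that path slightly, because a unit containing a digit or underscore matched under `\w+` and now does not. A null guard closes it: `if (split && split.length === 3) {`. The enclosing function starts and ends outside the hunk, so what it does for an unparsable duration is not visible here.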
--- a/server/notification-providers/google-chat.js
+++ b/server/notification-providers/google-chat.js
@@ -72,6 +72,7 @@ class GoogleChat extends NotificationProvider { // construct json data let data = { + fallbackText: chatHeader["title"], cardsV2: [ { card: {
From 7a9191761dbef6551c2a0aa6eed5f693ba48d688 Mon Sep 17 00:00:00 2001
From: DayShift <113507098+ShiyuBanzhou@users.noreply.github.com>
Date: Sun, 26 Jan 2025 18:52:12 +0800
Subject: [PATCH 4/4] fix: make sure that stripping backslashes for notification urls cannot cause catastophic backtracking (ReDOS) (#5573)
Co-authored-by: Frank Elsinga <frank@elsinga.de>
---
server/notification-providers/pushdeer.js | 3 ++-
server/notification-providers/whapi.js | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/server/notification-providers/pushdeer.js b/server/notification-providers/pushdeer.js
index 276c2f476..b1f675957 100644
--- a/server/notification-providers/pushdeer.js
+++ b/server/notification-providers/pushdeer.js
@@ -11,7 +11,8 @@ class PushDeer extends NotificationProvider { async send(notification, msg, monitorJSON = null, heartbeatJSON = null) { const okMsg = "Sent Successfully."; const serverUrl = notification.pushdeerServer || "https://api2.pushdeer.com"; - const url = `${serverUrl.trim().replace(/\/*$/, "")}/message/push`; + // capture group below is nessesary to prevent an ReDOS-attack + const url = `${serverUrl.trim().replace(/([^/])\/+$/, "$1")}/message/push`; let valid = msg != null && monitorJSON != null && heartbeatJSON != null;
diff --git a/server/notification-providers/whapi.js b/server/notification-providers/whapi.js
index 70e0fbb4c..d83dc470f 100644
--- a/server/notification-providers/whapi.js
+++ b/server/notification-providers/whapi.js
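Review bot: The comment added above `const url` in the pushdeer.js hunk is misspelled and does not say why the capture group helps, so a later cleanup could simplify the pattern back to the slow form. Suggested wording: `// Require a non-slash character before the trailing slashes so a long run of "/" cannot be retried from every position (quadratic backtracking, ReDoS)`. The new pattern `/([^/])\/+$/` also leaves a value consisting only of slashes untouched, where the old `/\/*$/` reduced it to an empty string; that is probably acceptable for a server URL but should be a deliberate choice. The same expression is repeated, without any comment, in the whapi.js hunk, so a small shared helper would keep the two in step. `send()` continues outside the hunk.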
@@ -24,7 +24,7 @@ class Whapi extends NotificationProvider { "body": msg, }; - let url = (notification.whapiApiUrl || "https://gate.whapi.cloud/").replace(/\/+$/, "") + "/messages/text"; + let url = (notification.whapiApiUrl || "https://gate.whapi.cloud/").replace(/([^/])\/+$/, "$1") + "/messages/text"; await axios.post(url, data, config);
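Review bot: `notification.whapiApiUrl` is not trimmed before the `$`-anchored replace, unlike `serverUrl.trim()` in the pushdeer.js hunk. A configured value with whitespace after the trailing slash therefore keeps both, and they end up inside the URL passed to `axios.post`. Trimming first makes the two providers consistent: `(notification.whapiApiUrl || "https://gate.whapi.cloud/").trim().replace(/([^/])\/+$/, "$1")`. The enclosing method starts and ends outside the hunk.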