Comments (13)

yocontra commented on August 17, 2024

Can you post the code you're having an issue with?

from fusker.

alejandro commented on August 17, 2024

Yes :: https://gist.github.com/1494041

yocontra commented on August 17, 2024

Ah, fusker changed and I forgot to update the express example. You should be doing it like:

var express = require('express')
var app = exports.app = express.createServer();

var fusker = require('fusker');
fusker.config.dir = process.cwd();
fusker.config.banLength = 1;
fusker.config.verbose = true;
fusker.http.detect('csrf', 'xss', 'sqli', 'lfi', '404');
fusker.http.punish('blacklist', 'bush');
fusker.socket.detect('xss', 'sqli', 'lfi');
fusker.socket.punish('blacklist');

app.configure(function() {
   app.use(fusker.express.check);
   //...
});

//...

app.all('/*', detectMobile, function(req, res, next) { //Line 468 <- throw error about PUSH
    res.header("Access-Control-Allow-Origin", "*");
    res.header("Access-Control-Allow-Headers", "X-Requested-With");
    res.header('Strict-Transport-Security', 'max-age=31556926; includeSubDomains');
    next();
});

alejandro commented on August 17, 2024

No... That doesn't work.

Update:

OH! Looks like the app.all method is not supported by fusker. If I delete those lines there is no error.

yocontra commented on August 17, 2024

Sorry I'm not very familiar with Express. Do you know why app.all would be causing an issue?

alejandro commented on August 17, 2024

Not really. Looking at the express code:

/**
 * Special-cased "all" method, applying the given route `path`,
 * middleware, and callback to _every_ HTTP method.
 *
 * @param {String} path
 * @param {Function} ...
 * @return {Server} for chaining
 * @api public
 */
app.all = function(path){
  var args = arguments;
  if (1 == args.length) return this.routes.lookup('all', path);
  methods.forEach(function(method){
    if ('all' == method) return;
    app[method].apply(this, args);
  }, this);
  return this;
};

So basically, that method only applies my options to every VERB, nothing obscure I think. Sadly I'm not into coffee-script enough to read the fusker code. Trying to read it now. ;)

panosru commented on August 17, 2024

I can't get fusker to work with express either... I set up fusker as you mentioned but here is the output of my application:

root@dev:/home/rnd/domains/design.rnd/public_html/app-ui# npm start

> [email protected] start /home/rnd/domains/design.rnd/public_html/app-ui
> NODE_ENV=development nodemon -d 0

27 Jan 06:39:49 - [nodemon] v0.6.7
27 Jan 06:39:49 - [nodemon] watching: /home/rnd/domains/design.rnd/public_html/app-ui
27 Jan 06:39:49 - [nodemon] starting `node app.js`
27 Jan 06:39:49 - [nodemon] reading ignore list
The "sys" module is now called "util". It should have a similar interface.

Express server listening on port 3000 in development mode
GET /
[fusker - debug] HTTP: 172.16.210.130 -> /generated/bundle/e764825_global.js
TypeError: undefined is not a function
    at /home/rnd/domains/design.rnd/public_html/app-ui/node_modules/fusker/node_modules/async/lib/async.js:105:25
    at /home/rnd/domains/design.rnd/public_html/app-ui/node_modules/fusker/lib/http.coffee:119:14
    at /home/rnd/domains/design.rnd/public_html/app-ui/node_modules/fusker/node_modules/async/lib/async.js:97:13
    at Array.forEach (native)
    at /home/rnd/domains/design.rnd/public_html/app-ui/node_modules/fusker/node_modules/async/lib/async.js:26:24
    at Object.forEach (/home/rnd/domains/design.rnd/public_html/app-ui/node_modules/fusker/node_modules/async/lib/async.js:96:9)
    at Object.processRequest (/home/rnd/domains/design.rnd/public_html/app-ui/node_modules/fusker/lib/http.coffee:121:18)
    at Object.handle (/home/rnd/domains/design.rnd/public_html/app-ui/node_modules/fusker/lib/express.coffee:6:10)
    at next (/home/rnd/domains/design.rnd/public_html/app-ui/node_modules/express/node_modules/connect/lib/http.js:203:15)
    at pass (/home/rnd/domains/design.rnd/public_html/app-ui/node_modules/express/lib/router/index.js:219:24)

[fusker - debug] HTTP: 172.16.210.130 -> /generated/bundle/87ae25b_head.js
TypeError: undefined is not a function
    at /home/rnd/domains/design.rnd/public_html/app-ui/node_modules/fusker/node_modules/async/lib/async.js:105:25
    at /home/rnd/domains/design.rnd/public_html/app-ui/node_modules/fusker/lib/http.coffee:119:14
    at /home/rnd/domains/design.rnd/public_html/app-ui/node_modules/fusker/node_modules/async/lib/async.js:97:13
    at Array.forEach (native)
    at /home/rnd/domains/design.rnd/public_html/app-ui/node_modules/fusker/node_modules/async/lib/async.js:26:24
    at Object.forEach (/home/rnd/domains/design.rnd/public_html/app-ui/node_modules/fusker/node_modules/async/lib/async.js:96:9)
    at Object.processRequest (/home/rnd/domains/design.rnd/public_html/app-ui/node_modules/fusker/lib/http.coffee:121:18)
    at Object.handle (/home/rnd/domains/design.rnd/public_html/app-ui/node_modules/fusker/lib/express.coffee:6:10)
    at next (/home/rnd/domains/design.rnd/public_html/app-ui/node_modules/express/node_modules/connect/lib/http.js:203:15)
    at pass (/home/rnd/domains/design.rnd/public_html/app-ui/node_modules/express/lib/router/index.js:219:24)

[fusker - warn] HTTP attack detected! Module: 404 IP: 172.16.210.130
[fusker - debug] 172.16.210.130 has been blacklisted for 1 min


http.js:562
    throw new Error("Can't render headers after they are sent to the client.")
          ^
Error: Can't render headers after they are sent to the client.
    at ServerResponse.<anonymous> (http.js:562:11)
    at ServerResponse._renderHeaders (/home/rnd/domains/design.rnd/public_html/app-ui/node_modules/express/node_modules/connect/lib/patch.js:76:25)
    at ServerResponse.writeHead (http.js:824:20)
    at Object.run (/home/rnd/domains/design.rnd/public_html/app-ui/node_modules/fusker/lib/http-payloads/bush.js:2:7)
    at /home/rnd/domains/design.rnd/public_html/app-ui/node_modules/fusker/lib/http.coffee:129:14
    at /home/rnd/domains/design.rnd/public_html/app-ui/node_modules/fusker/node_modules/async/lib/async.js:97:13
    at Array.forEach (native)
    at /home/rnd/domains/design.rnd/public_html/app-ui/node_modules/fusker/node_modules/async/lib/async.js:26:24
    at Object.forEach (/home/rnd/domains/design.rnd/public_html/app-ui/node_modules/fusker/node_modules/async/lib/async.js:96:9)
    at Object.handleAttack (/home/rnd/domains/design.rnd/public_html/app-ui/node_modules/fusker/lib/http.coffee:132:18)

27 Jan 06:40:06 - [nodemon] app crashed - waiting for file changes before starting...

yocontra commented on August 17, 2024

Don't use any middleware that sends headers - fusker manages that. Don't worry about it though, fusker is being deprecated. I'm working on a new library called 'slate' that will come with express-compatible fusker plugins.

from fusker.
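
The failure mode in the trace above, as an added example that is not fusker's code and not part of the original thread: a Connect/Express-style guard whose punish step checks `res.headersSent` before writing, and whose detectors cannot throw out of the middleware. `createGuard`, `fakeRes` and the detector object shape (`name`, `test`) are hypothetical names chosen for this example.

```javascript
// Added example (not fusker's code): a Connect/Express-style guard whose
// "punish" step cannot crash the process. All names are hypothetical.
function createGuard(detectors, banMs, now = Date.now) {
  const banned = new Map(); // ip -> ban expiry (ms since epoch)

  function block(res, status, body) {
    // The trace above died in writeHead() after headers had gone out.
    // If something already answered, only make sure the response is closed.
    if (res.headersSent) {
      if (!res.writableEnded) res.end();
      return 'closed';
    }
    res.writeHead(status, { 'Content-Type': 'text/plain' });
    res.end(body);
    return 'blocked';
  }

  return function guard(req, res, next) {
    const ip = req.socket.remoteAddress;
    if ((banned.get(ip) || 0) > now()) return block(res, 403, 'Forbidden');
    banned.delete(ip); // expired or never banned

    for (const d of detectors) {
      let hit = false;
      try {
        hit = d.test(req) === true;
      } catch (err) {
        // A faulty detector is logged and skipped, never allowed to throw
        // out of the middleware (compare the TypeError in the trace).
        console.error('detector %s failed: %s', d.name, err.message);
      }
      if (hit) {
        banned.set(ip, now() + banMs);
        return block(res, 403, 'Forbidden'); // do not call next() after answering
      }
    }
    return next();
  };
}

// Constructed stand-in for http.ServerResponse, used only to exercise the guard.
function fakeRes(headersSent) {
  return {
    headersSent, writableEnded: false, status: null,
    writeHead(code) { this.status = code; this.headersSent = true; },
    end() { this.writableEnded = true; },
  };
}
```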

panosru commented on August 17, 2024

@contra hi! Thanks for the reply! Do you have "slate" available on a public repo or are you currently working on it locally? :) thanks!

yocontra commented on August 17, 2024

Slate doesn't have a lot of the features express does, it most likely isn't what you're looking for. https://github.com/wearefractal/slate

panosru commented on August 17, 2024

@contra Hello, I got the point, so slate is not a middleware to connect or express :) Thanks for your support though :)

Could you suggest anything to check out regarding security on web pages built with node.js? I saw express-csrf, but I was looking for something similar to PHPIDS; if you've worked with PHP, PHPIDS is very popular.

Thanks again!

yocontra commented on August 17, 2024

You can always go for a full blown IDS like snort - I'm actually working on my own IDS written in Node but haven't finished it yet

yocontra commented on August 17, 2024

Closing - fusker is deprecated.
