mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 21:47:20 +00:00
e99ff3e046
Fixes #33732 Base64-encodes the `install_script` and `uninstall_script` payloads for add and edit software to prevent being blocked by WAF rules and allow FMAs for Windows to be added/edited in Fleet instances running on Render. 
31 lines
1,003 B
Go
31 lines
1,003 B
Go
package service
|
|
|
|
import (
|
|
"encoding/base64"
|
|
"net/http"
|
|
)
|
|
|
|
// ScriptsEncodedHeader is the HTTP header used to signal that script fields
|
|
// in the request body are base64-encoded. This is used to bypass WAF rules
|
|
// that may block requests containing shell/PowerShell script patterns.
|
|
const ScriptsEncodedHeader = "X-Fleet-Scripts-Encoded"
|
|
|
|
// decodeBase64Script decodes a base64-encoded script string.
|
|
// Returns empty string for empty input, which allows callers to pass through
|
|
// empty/unset script fields without modification.
|
|
func decodeBase64Script(encoded string) (string, error) {
|
|
if encoded == "" {
|
|
return "", nil
|
|
}
|
|
decoded, err := base64.StdEncoding.DecodeString(encoded)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
return string(decoded), nil
|
|
}
|
|
|
|
// isScriptsEncoded checks if the request has the scripts encoding header
|
|
// set to "base64", indicating that script fields should be decoded.
|
|
func isScriptsEncoded(r *http.Request) bool {
|
|
return r.Header.Get(ScriptsEncodedHeader) == "base64"
|
|
}
|