From 558195ae6aaf802f18870f3effc86281d5097fa4 Mon Sep 17 00:00:00 2001 From: Eric Duminil Date: Fri, 29 Nov 2024 22:39:57 +0100 Subject: [PATCH 1/9] Allow MQTT topic to have wildcards This should fix https://github.com/louislam/uptime-kuma/issues/1669 --- server/monitor-types/mqtt.js | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/server/monitor-types/mqtt.js b/server/monitor-types/mqtt.js index ad734ce8e..2673e8e2f 100644 --- a/server/monitor-types/mqtt.js +++ b/server/monitor-types/mqtt.js @@ -101,11 +101,9 @@ class MqttMonitorType extends MonitorType { }); client.on("message", (messageTopic, message) => { - if (messageTopic === topic) { - client.end(); - clearTimeout(timeoutID); - resolve(message.toString("utf8")); - } + client.end(); + clearTimeout(timeoutID); + resolve(message.toString("utf8")); }); }); From a8b8a21f4c0493c5af6c84d57a248b41b4f998fd Mon Sep 17 00:00:00 2001 From: Eric Duminil Date: Sun, 1 Dec 2024 21:24:21 +0100 Subject: [PATCH 2/9] Write MQTT published topic in message So that when wildcards for monitoring are used, the full published topic is displayed. --- server/monitor-types/mqtt.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/server/monitor-types/mqtt.js b/server/monitor-types/mqtt.js index 2673e8e2f..7b71fbdcc 100644 --- a/server/monitor-types/mqtt.js +++ b/server/monitor-types/mqtt.js @@ -10,7 +10,7 @@ class MqttMonitorType extends MonitorType { * @inheritdoc */ async check(monitor, heartbeat, server) { - const receivedMessage = await this.mqttAsync(monitor.hostname, monitor.mqttTopic, { + const [ messageTopic, receivedMessage ] = await this.mqttAsync(monitor.hostname, monitor.mqttTopic, { port: monitor.port, username: monitor.mqttUsername, password: monitor.mqttPassword, @@ -24,7 +24,7 @@ class MqttMonitorType extends MonitorType { if (monitor.mqttCheckType === "keyword") { if (receivedMessage != null && receivedMessage.includes(monitor.mqttSuccessMessage)) { - heartbeat.msg = `Topic: ${monitor.mqttTopic}; Message: ${receivedMessage}`; + heartbeat.msg = `Topic: ${messageTopic}; Message: ${receivedMessage}`; heartbeat.status = UP; } else { throw Error(`Message Mismatch - Topic: ${monitor.mqttTopic}; Message: ${receivedMessage}`); @@ -103,7 +103,7 @@ class MqttMonitorType extends MonitorType { client.on("message", (messageTopic, message) => { client.end(); clearTimeout(timeoutID); - resolve(message.toString("utf8")); + resolve([ messageTopic, message.toString("utf8") ]); }); }); From ae439c252210e3cfe85971c5ffabb06b8ffd1aa3 Mon Sep 17 00:00:00 2001 From: Eric Duminil Date: Sun, 1 Dec 2024 21:29:30 +0100 Subject: [PATCH 3/9] Allow different topics for monitoring and publishing in MQTT tests --- test/backend-test/test-mqtt.js | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/test/backend-test/test-mqtt.js b/test/backend-test/test-mqtt.js index 450310298..8eecfdb40 100644 --- a/test/backend-test/test-mqtt.js +++ b/test/backend-test/test-mqtt.js @@ -9,17 +9,19 @@ const { UP, PENDING } = require("../../src/util"); * Runs an MQTT test with the * @param {string} mqttSuccessMessage the message that the monitor expects * @param {null|"keyword"|"json-query"} mqttCheckType the type of check we perform - * @param {string} receivedMessage what message is recieved from the mqtt channel + * @param {string} receivedMessage what message is received from the mqtt channel + * @param {string} monitorTopic which MQTT topic is monitored (wildcards are allowed) + * @param {string} publishTopic to which MQTT topic the message is sent * @returns {Promise} the heartbeat produced by the check */ -async function testMqtt(mqttSuccessMessage, mqttCheckType, receivedMessage) { +async function testMqtt(mqttSuccessMessage, mqttCheckType, receivedMessage, monitorTopic = "test", publishTopic = "test") { const hiveMQContainer = await new HiveMQContainer().start(); const connectionString = hiveMQContainer.getConnectionString(); const mqttMonitorType = new MqttMonitorType(); const monitor = { jsonPath: "firstProp", // always return firstProp for the json-query monitor hostname: connectionString.split(":", 2).join(":"), - mqttTopic: "test", + mqttTopic: monitorTopic, port: connectionString.split(":")[2], mqttUsername: null, mqttPassword: null, @@ -35,9 +37,9 @@ async function testMqtt(mqttSuccessMessage, mqttCheckType, receivedMessage) { const testMqttClient = mqtt.connect(hiveMQContainer.getConnectionString()); testMqttClient.on("connect", () => { - testMqttClient.subscribe("test", (error) => { + testMqttClient.subscribe(monitorTopic, (error) => { if (!error) { - testMqttClient.publish("test", receivedMessage); + testMqttClient.publish(publishTopic, receivedMessage); } }); }); From ffcdf29a0d0916cfa40c3240beac27fedb0a8cee Mon Sep 17 00:00:00 2001 From: Eric Duminil Date: Sun, 1 Dec 2024 22:03:32 +0100 Subject: [PATCH 4/9] Add MQTT tests with different topics --- test/backend-test/test-mqtt.js | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/test/backend-test/test-mqtt.js b/test/backend-test/test-mqtt.js index 8eecfdb40..537b1cbae 100644 --- a/test/backend-test/test-mqtt.js +++ b/test/backend-test/test-mqtt.js @@ -54,7 +54,7 @@ async function testMqtt(mqttSuccessMessage, mqttCheckType, receivedMessage, moni } describe("MqttMonitorType", { - concurrency: true, + concurrency: 4, skip: !!process.env.CI && (process.platform !== "linux" || process.arch !== "x64") }, () => { test("valid keywords (type=default)", async () => { @@ -63,6 +63,23 @@ describe("MqttMonitorType", { assert.strictEqual(heartbeat.msg, "Topic: test; Message: -> KEYWORD <-"); }); + test("valid nested topic", async () => { + const heartbeat = await testMqtt("KEYWORD", null, "-> KEYWORD <-", "a/b/c", "a/b/c"); + assert.strictEqual(heartbeat.status, UP); + assert.strictEqual(heartbeat.msg, "Topic: a/b/c; Message: -> KEYWORD <-"); + }); + + test("valid wildcard topic (with #)", async () => { + const heartbeat = await testMqtt("KEYWORD", null, "-> KEYWORD <-", "a/#", "a/b/c"); + assert.strictEqual(heartbeat.status, UP); + assert.strictEqual(heartbeat.msg, "Topic: a/b/c; Message: -> KEYWORD <-"); + }); + + test("valid wildcard topic (with +)", async () => { + const heartbeat = await testMqtt("KEYWORD", null, "-> KEYWORD <-", "a/+/c", "a/b/c"); + assert.strictEqual(heartbeat.status, UP); + assert.strictEqual(heartbeat.msg, "Topic: a/b/c; Message: -> KEYWORD <-"); + }); test("valid keywords (type=keyword)", async () => { const heartbeat = await testMqtt("KEYWORD", "keyword", "-> KEYWORD <-"); assert.strictEqual(heartbeat.status, UP); From 275ab89e621b861e34d37d014f6bfc1fcf6f80fd Mon Sep 17 00:00:00 2001 From: Eric Duminil Date: Sun, 1 Dec 2024 22:12:00 +0100 Subject: [PATCH 5/9] Add MQTT tests with invalid topics --- test/backend-test/test-mqtt.js | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/test/backend-test/test-mqtt.js b/test/backend-test/test-mqtt.js index 537b1cbae..a10e0422a 100644 --- a/test/backend-test/test-mqtt.js +++ b/test/backend-test/test-mqtt.js @@ -80,11 +80,34 @@ describe("MqttMonitorType", { assert.strictEqual(heartbeat.status, UP); assert.strictEqual(heartbeat.msg, "Topic: a/b/c; Message: -> KEYWORD <-"); }); + + test("invalid topic", async () => { + await assert.rejects( + testMqtt("keyword will not be checked anyway", null, "message", "x/y/z", "a/b/c"), + new Error("Timeout, Message not received"), + ); + }); + + test("invalid wildcard topic (with #)", async () => { + await assert.rejects( + testMqtt("", null, "# should be last character", "#/c", "a/b/c"), + new Error("Timeout, Message not received"), + ); + }); + + test("invalid wildcard topic (with +)", async () => { + await assert.rejects( + testMqtt("", null, "message", "x/+/z", "a/b/c"), + new Error("Timeout, Message not received"), + ); + }); + test("valid keywords (type=keyword)", async () => { const heartbeat = await testMqtt("KEYWORD", "keyword", "-> KEYWORD <-"); assert.strictEqual(heartbeat.status, UP); assert.strictEqual(heartbeat.msg, "Topic: test; Message: -> KEYWORD <-"); }); + test("invalid keywords (type=default)", async () => { await assert.rejects( testMqtt("NOT_PRESENT", null, "-> KEYWORD <-"), @@ -98,12 +121,14 @@ describe("MqttMonitorType", { new Error("Message Mismatch - Topic: test; Message: -> KEYWORD <-"), ); }); + test("valid json-query", async () => { // works because the monitors' jsonPath is hard-coded to "firstProp" const heartbeat = await testMqtt("present", "json-query", "{\"firstProp\":\"present\"}"); assert.strictEqual(heartbeat.status, UP); assert.strictEqual(heartbeat.msg, "Message received, expected value is found"); }); + test("invalid (because query fails) json-query", async () => { // works because the monitors' jsonPath is hard-coded to "firstProp" await assert.rejects( @@ -111,6 +136,7 @@ describe("MqttMonitorType", { new Error("Message received but value is not equal to expected value, value was: [undefined]"), ); }); + test("invalid (because successMessage fails) json-query", async () => { // works because the monitors' jsonPath is hard-coded to "firstProp" await assert.rejects( From 223cde831f09a49a317bc4e5926cc8a38a6fa3f2 Mon Sep 17 00:00:00 2001 From: Louis Lam Date: Sat, 18 Jan 2025 23:35:40 +0800 Subject: [PATCH 6/9] Fix push examples cannot be loaded (Docker only) (#5490) --- .dockerignore | 1 - 1 file changed, 1 deletion(-) diff --git a/.dockerignore b/.dockerignore index 5db08b7bf..77470feb1 100644 --- a/.dockerignore +++ b/.dockerignore @@ -32,7 +32,6 @@ tsconfig.json /extra/healthcheck.exe /extra/healthcheck /extra/exe-builder -/extra/push-examples /extra/uptime-kuma-push # Comment the following line if you want to rebuild the healthcheck binary From 03beef800652be3508ef641867cde75d7f3c8ee4 Mon Sep 17 00:00:00 2001 From: DayShift <113507098+ShiyuBanzhou@users.noreply.github.com> Date: Thu, 23 Jan 2025 02:03:38 +0800 Subject: [PATCH 7/9] BugFix:Regular Expression in parseDuration Function (#5563) Co-authored-by: Frank Elsinga --- server/modules/apicache/apicache.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/modules/apicache/apicache.js b/server/modules/apicache/apicache.js index 41930b24d..95a04d9e3 100644 --- a/server/modules/apicache/apicache.js +++ b/server/modules/apicache/apicache.js @@ -485,7 +485,7 @@ function ApiCache() { } if (typeof duration === "string") { - let split = duration.match(/^([\d\.,]+)\s?(\w+)$/); + let split = duration.match(/^([\d\.,]+)\s?([a-zA-Z]+)$/); if (split.length === 3) { let len = parseFloat(split[1]); From 7dc6191b0af91edf58b7938876aa862c2a4ac9bb Mon Sep 17 00:00:00 2001 From: Elliot Matson Date: Fri, 24 Jan 2025 11:49:29 -0600 Subject: [PATCH 8/9] fix: add notification-fallback for better google chat popups (#5476) Co-authored-by: Frank Elsinga --- server/notification-providers/google-chat.js | 1 + 1 file changed, 1 insertion(+) diff --git a/server/notification-providers/google-chat.js b/server/notification-providers/google-chat.js index 0b72fea95..9e94844d7 100644 --- a/server/notification-providers/google-chat.js +++ b/server/notification-providers/google-chat.js @@ -72,6 +72,7 @@ class GoogleChat extends NotificationProvider { // construct json data let data = { + fallbackText: chatHeader["title"], cardsV2: [ { card: { From 7a9191761dbef6551c2a0aa6eed5f693ba48d688 Mon Sep 17 00:00:00 2001 From: DayShift <113507098+ShiyuBanzhou@users.noreply.github.com> Date: Sun, 26 Jan 2025 18:52:12 +0800 Subject: [PATCH 9/9] fix: make sure that stripping backslashes for notification urls cannot cause catastophic backtracking (ReDOS) (#5573) Co-authored-by: Frank Elsinga --- server/notification-providers/pushdeer.js | 3 ++- server/notification-providers/whapi.js | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/server/notification-providers/pushdeer.js b/server/notification-providers/pushdeer.js index 276c2f476..b1f675957 100644 --- a/server/notification-providers/pushdeer.js +++ b/server/notification-providers/pushdeer.js @@ -11,7 +11,8 @@ class PushDeer extends NotificationProvider { async send(notification, msg, monitorJSON = null, heartbeatJSON = null) { const okMsg = "Sent Successfully."; const serverUrl = notification.pushdeerServer || "https://api2.pushdeer.com"; - const url = `${serverUrl.trim().replace(/\/*$/, "")}/message/push`; + // capture group below is nessesary to prevent an ReDOS-attack + const url = `${serverUrl.trim().replace(/([^/])\/+$/, "$1")}/message/push`; let valid = msg != null && monitorJSON != null && heartbeatJSON != null; diff --git a/server/notification-providers/whapi.js b/server/notification-providers/whapi.js index 70e0fbb4c..d83dc470f 100644 --- a/server/notification-providers/whapi.js +++ b/server/notification-providers/whapi.js @@ -24,7 +24,7 @@ class Whapi extends NotificationProvider { "body": msg, }; - let url = (notification.whapiApiUrl || "https://gate.whapi.cloud/").replace(/\/+$/, "") + "/messages/text"; + let url = (notification.whapiApiUrl || "https://gate.whapi.cloud/").replace(/([^/])\/+$/, "$1") + "/messages/text"; await axios.post(url, data, config);