Security-Patches Node Module
Description
This node module is used to patch the following security issues:
1). Removes weak MD5 hash encryption, to prevent collision attacks.
2). Add following limitations to 'upload files' input field to prevent denial-of-service attack.
- Added limit to the size of the file thats being uploaded.
- Added limit to the number of files that can be uploaded at once.
Installation
Please Follow the following steps:
1). Use the command the install security-patches node module
** Note : Make sure that the node module is installed globally.
npm i -g security-patches
2). Run the following command and pass your application file path as an argument
** Note : Make sure the file path is correct and finishes with 'server' as the end directory.
** Note : Security patches currently only work for 'server' applications.
run-security-patches <FilePath>
3). After executing the previous command you will see the following message and options
- Enter the number corresponding to the issue you want to fix and press enter.
- Enter the number corresponding to 'Exit' option to exit the function.
Setup Limitations for Input fields (OPTIONAL)
1). Open Studio and the server application, navigate to 'Environments' tab.
** Note : 1024 * 1024 * 1024 refers to 1.07 GB as max file size.
2). Enter following variable names in 'Enter property name*' input field with its values in 'Enter property value*' input field as press 'Add'. as shown in screen shot above.
MULTER_OPTION_FILESIZE : 1024 * 1024 * 1024,
MULTER_OPTION_FIELDS : 1000,
MULTER_OPTION_FILES : 1000,
MULTER_OPTION_PARTS : 100,
** Note : These are the default value settings, please change them according to your needs.