Fix security middleware to allow file content in API endpoints

usmannasir · usmannasir · commit e65109feca1d · 2025-10-26T15:08:34.000+05:00
- Add bypass check for 'content' field INSIDE isAPIEndpoint block
- Prevents blocking of legitimate JavaScript/PHP code in replace-file API
- Bypass list includes: content, fileContent, configData, rewriteRules, modSecRules
- Security check still applies to other fields in API requests
- Fixes: Replace-file API being blocked by security middleware
diff --git a/CyberCP/secMiddleware.py b/CyberCP/secMiddleware.py
@@ -192,9 +192,13 @@ def __call__(self, request):
                                    pathActual.find('/api/') > -1 or pathActual.find('aiscanner/scheduled-scans') > -1)
                     
                     if isAPIEndpoint:
+                        # Skip validation for fields that contain legitimate code/scripts
+                        if key == 'content' or key == 'fileContent' or key == 'configData' or key == 'rewriteRules' or key == 'modSecRules' or key == 'contentNow' or key == 'emailMessage':
+                            continue
+
                         # For API endpoints, still check for the most dangerous command injection characters
-                        if isinstance(value, (str, bytes)) and (value.find('- -') > -1 or value.find('\n') > -1 or value.find(';') > -1 or 
-                            value.find('&&') > -1 or value.find('||') > -1 or value.find('|') > -1 or 
+                        if isinstance(value, (str, bytes)) and (value.find('- -') > -1 or value.find('\n') > -1 or value.find(';') > -1 or
+                            value.find('&&') > -1 or value.find('||') > -1 or value.find('|') > -1 or
                             value.find('...') > -1 or value.find("`") > -1 or value.find("$") > -1 or
                             value.find('../') > -1 or value.find('../../') > -1):
                             logging.writeToFile(request.body)
@@ -212,7 +216,7 @@ def __call__(self, request):
                             or key == 'emailMessage' or key == 'configData' or key == 'rewriteRules' \
                             or key == 'modSecRules' or key == 'recordContentTXT' or key == 'SecAuditLogRelevantStatus' \
                             or key == 'fileContent' or key == 'commands' or key == 'gitHost' or key == 'ipv6' or key == 'contentNow' \
-                            or key == 'time_of_day' or key == 'notification_emails' or key == 'domains':
+                            or key == 'time_of_day' or key == 'notification_emails' or key == 'domains' or key == 'content':
                         continue
 
                     # Skip validation for API endpoints that need JSON structure characters
