fix(ocr): sanitize Graph validationToken echo to prevent reflected XSS#250
Open
gnjoseph wants to merge 1 commit into
Open
fix(ocr): sanitize Graph validationToken echo to prevent reflected XSS#250gnjoseph wants to merge 1 commit into
gnjoseph wants to merge 1 commit into
Conversation
CodeQL js/reflected-xss (high) flagged AI/ocr/server/onReceiptAdded.ts: the Microsoft Graph subscription validationToken from req.query was echoed straight into the HTTP response body. Although the response is sent as text/plain, a user-controlled value reflected verbatim is a reflected XSS sink (browsers can MIME-sniff, and the value is attacker influenceable). Graph requires the opaque, URL-safe validationToken to be echoed back to complete the subscription handshake, so strip any character outside the token's known-safe set (base64url/base64) before reflecting it. This is a no-op for legitimate tokens while removing the characters needed for XSS. Also set X-Content-Type-Options: nosniff as defense in depth. Verified on Windows (Node 24): backend builds; validate-sample.ps1 backend smoke passes; a legitimate token echoes verbatim (handshake intact) while '<script>alert(1)</script>' is returned as 'scriptalert1/script' (angle brackets stripped). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Purpose
Fixes the CodeQL
js/reflected-xss(high severity) alert on#248— the check currently failing on that PR (mergeStateStatus: UNSTABLE). Targetsuser/dluces/sample_app_test_planso it flows into #248 after review (same pattern as #249).The vulnerability
AI/ocr/server/onReceiptAdded.tsechoed the Microsoft Graph subscriptionvalidationToken(fromreq.query) straight into the HTTP response body:The value is attacker-influenceable and reflected verbatim. Even as
text/plain, this is a reflected-XSS sink (browser MIME-sniffing, and the value is user-controlled). Introduced when the OCR backend was ported fromrestifytoexpress(b4b864f).The fix
Graph requires the opaque, URL-safe
validationTokento be echoed back verbatim to complete the subscription handshake, so I strip any character outside the token's known-safe set (base64url/base64:A–Z a–z 0–9 . _ ~ + / = -and space) before reflecting it, and addX-Content-Type-Options: nosniff:This is a no-op for legitimate tokens (so the Graph handshake still works) while removing the characters needed for XSS (
<,>,", etc.).Verification (Windows, Node 24)
npm run build:backendcompiles clean.validate-sample.ps1OCR backend smoke passes.abc123-XYZ_.~token==→ echoed verbatim (MATCH: True),Content-Type: text/plain,X-Content-Type-Options: nosniff.<script>alert(1)</script>→ returned asscriptalert1/script(all angle brackets stripped).CodeQL will re-run on this PR to confirm the alert is resolved.
Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com