From 70732e0b7a4aeaee076c4f284c223e5333794f51 Mon Sep 17 00:00:00 2001 From: Ingo Fischer Date: Mon, 13 Jul 2020 23:09:43 +0200 Subject: [PATCH] * (Apollon77) update amazon-cookie library to work around amazon security changes * (Apollon77) Prevent crash on invalid data in request data (Sentry IOBROKER-ALEXA2-1A) * (Apollon77) Make sure to handle invalid list responses correctly (Sentry IOBROKER-ALEXA2-1T) --- README.md | 5 ++++ alexa-remote.js | 64 +++++++++++++++++++++++++++-------------------- package-lock.json | 40 ++++++++++++++--------------- package.json | 4 +-- 4 files changed, 64 insertions(+), 49 deletions(-) diff --git a/README.md b/README.md index bfd0aaae..368ded40 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,11 @@ Thank you for that work. ## Changelog: +### __WORK IN PROGRESS__ +* (Apollon77) update amazon-cookie library to work around amazon security changes +* (Apollon77) Prevent crash on invalid data in request data (Sentry IOBROKER-ALEXA2-1A) +* (Apollon77) Make sure to handle invalid list responses correctly (Sentry IOBROKER-ALEXA2-1T) + ### 3.2.2 (2020-06-17) * (Apollon77) Optimize Request Handling to also Handle timeouts correctly * (Apollon77) Increase timeouts for some Smart Home calls to 30s diff --git a/alexa-remote.js b/alexa-remote.js index 0c194e39..de7df2ce 100755 --- a/alexa-remote.js +++ b/alexa-remote.js 
@@ -799,38 +799,48 @@ class AlexaRemote extends EventEmitter { delete logOptions.headers.Referer; delete logOptions.headers.Origin; this._options.logger && this._options.logger('Alexa-Remote: Sending Request with ' + JSON.stringify(logOptions) + ((options.method === 'POST' || options.method === 'PUT' || options.method === 'DELETE') ? ' and data=' + flags.data : '')); - - let req = https.request(options, (res) => { - let body = ''; - res.on('data', (chunk) => { - body += chunk; - }); + let req; + try { + req = https.request(options, (res) => { + let body = ''; - res.on('end', () => { - let ret; - - if (typeof callback === 'function') { - if (!body) { // Method 'DELETE' may return HTTP STATUS 200 without body - this._options.logger && this._options.logger('Alexa-Remote: Response: No body'); - return typeof res.statusCode === 'number' && res.statusCode%100 === 2 ? callback(null, { 'success': true }) : callback(new Error('no body'), null); - } - - try { - ret = JSON.parse(body); - } catch (e) { - this._options.logger && this._options.logger('Alexa-Remote: Response: No/Invalid JSON'); - callback && callback (new Error('no JSON'), body); + res.on('data', (chunk) => { + body += chunk; + }); + + res.on('end', () => { + let ret; + + if (typeof callback === 'function') { + if (!body) { // Method 'DELETE' may return HTTP STATUS 200 without body + this._options.logger && this._options.logger('Alexa-Remote: Response: No body'); + return typeof res.statusCode === 'number' && res.statusCode % 100 === 2 ? 
callback(null, {'success': true}) : callback(new Error('no body'), null); + } + + try { + ret = JSON.parse(body); + } catch (e) { + this._options.logger && this._options.logger('Alexa-Remote: Response: No/Invalid JSON'); + callback && callback(new Error('no JSON'), body); + callback = null; + return; + } + + this._options.logger && this._options.logger('Alexa-Remote: Response: ' + JSON.stringify(ret)); + callback(null, ret); callback = null; - return; } - - this._options.logger && this._options.logger('Alexa-Remote: Response: ' + JSON.stringify(ret)); - callback (null, ret); - callback = null; - } + }); }); - }); + } catch(err) { + this._options.logger && this._options.logger('Alexa-Remote: Response: Exception: ' + err); + if (typeof callback === 'function'/* && callback.length >= 2*/) { + callback (err, null); + callback = null; + } + return; + } req.on('error', (e) => { this._options.logger && this._options.logger('Alexa-Remote: Response: Error: ' + e); diff --git a/package-lock.json b/package-lock.json index d8cbc316..0a185692 100644 --- a/package-lock.json +++ b/package-lock.json @@ -32,9 +32,9 @@ } }, "@types/node": { - "version": "14.0.13", - "resolved": "https://registry.npmjs.org/@types/node/-/node-14.0.13.tgz", - "integrity": "sha512-rouEWBImiRaSJsVA+ITTFM6ZxibuAlTuNOCyxVbwreu6k6+ujs7DfnU9o+PShFhET78pMBl3eH+AGSI5eOTkPA==" + "version": "14.0.23", + "resolved": "https://registry.npmjs.org/@types/node/-/node-14.0.23.tgz", + "integrity": "sha512-Z4U8yDAl5TFkmYsZdFPdjeMa57NOvnaf1tljHzhouaPEp7LCj2JKkejpI1ODviIAQuW4CcQmxkQ77rnLsOOoKw==" }, "accepts": { "version": "1.3.7", 
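Review bot: In the alexa-remote.js hunk, the empty-body branch of the `res.on('end')` handler still tests `res.statusCode % 100 === 2`, which holds for 202, 302, 402 or 502 but not for 200 or 204. A body-less error response is therefore reported to the caller as `{'success': true}`, while an ordinary body-less 200 produces `new Error('no body')`. The commit only re-spaces this expression; the status-class check should be `Math.floor(res.statusCode / 100) === 2`. The same branch also returns without `callback = null;`, unlike the invalid-JSON and success paths, so a later `req.on('error')` could invoke the callback a second time; that handler's body lies outside the hunk, so confirm it there. The enclosing method starts and ends outside the hunk.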
@@ -72,13 +72,13 @@ } }, "alexa-cookie2": { - "version": "3.2.1", - "resolved": "https://registry.npmjs.org/alexa-cookie2/-/alexa-cookie2-3.2.1.tgz", - "integrity": "sha512-Ll+ycfYBYBmEP5U2tKKimGpc7sljwDHNVC8bPAhcIMjc/MK0Nzubx3/T9lijnJbSyRX4Hhvfaap0qrF7kgX7uw==", + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/alexa-cookie2/-/alexa-cookie2-3.3.0.tgz", + "integrity": "sha512-jgQpmALywKWMnJss2XqxV41+L7Q5mQv/m+a+cr1cotgy/0wVh3igsZFW/qBrAk3KdpcLFa53hMXjCGgHHN7UPg==", "requires": { "cookie": "^0.4.1", "express": "^4.17.1", - "http-proxy-middleware": "^1.0.4", + "http-proxy-middleware": "^1.0.5", "http-proxy-response-rewrite": "^0.0.1", "https": "^1.0.0", "querystring": "^0.2.0" @@ -388,9 +388,9 @@ } }, "follow-redirects": { - "version": "1.12.0", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.12.0.tgz", - "integrity": "sha512-JgawlbfBQKjbKegPn8vUsvJqplE7KHJuhGO4yPcb+ZOIYKSr+xobMVlfRBToZwZUUxy7lFiKBdFNloz9ui368Q==" + "version": "1.12.1", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.12.1.tgz", + "integrity": "sha512-tmRv0AVuR7ZyouUHLeNSiO6pqulF7dYa3s19c6t+wz9LD69/uSzdMxJ2S91nTI9U3rt/IldxpzMOFejp6f0hjg==" }, "forwarded": { "version": "0.1.2", @@ -431,14 +431,14 @@ } }, "http-proxy-middleware": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/http-proxy-middleware/-/http-proxy-middleware-1.0.4.tgz", - "integrity": "sha512-8wiqujNWlsZNbeTSSWMLUl/u70xbJ5VYRwPR8RcAbvsNxzAZbgwLzRvT96btbm3fAitZUmo5i8LY6WKGyHDgvA==", + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/http-proxy-middleware/-/http-proxy-middleware-1.0.5.tgz", + "integrity": "sha512-CKzML7u4RdGob8wuKI//H8Ein6wNTEQR7yjVEzPbhBLGdOfkfvgTnp2HLnniKBDP9QW4eG10/724iTWLBeER3g==", "requires": { "@types/http-proxy": "^1.17.4", "http-proxy": "^1.18.1", "is-glob": "^4.0.1", - "lodash": "^4.17.15", + "lodash": "^4.17.19", "micromatch": "^4.0.2" } }, 
@@ -513,9 +513,9 @@ } }, "lodash": { - "version": "4.17.15", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz", - "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==" + "version": "4.17.19", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.19.tgz", + "integrity": "sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==" }, "media-typer": { "version": "0.3.0", @@ -834,9 +834,9 @@ "integrity": "sha1-n5VxD1CiZ5R7LMwSR0HBAoQn5xM=" }, "uuid": { - "version": "8.1.0", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.1.0.tgz", - "integrity": "sha512-CI18flHDznR0lq54xBycOVmphdCYnQLKn8abKn7PXUiKUGdEd+/l9LWNJmugXel4hXq7S+RMNl34ecyC9TntWg==" + "version": "8.2.0", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.2.0.tgz", + "integrity": "sha512-CYpGiFTUrmI6OBMkAdjSDM0k5h8SkkiTP4WAjQgDgNB1S3Ou9VBEvr6q0Kv2H1mMk7IWfxYGpMH5sd5AvcIV2Q==" }, "vary": { "version": "1.1.2", diff --git a/package.json b/package.json index 18267f61..00b0aea2 100644 --- a/package.json +++ b/package.json @@ -25,12 +25,12 @@ "layla.amazon.de" ], "dependencies": { - "alexa-cookie2": "^3.2.1", + "alexa-cookie2": "^3.3.0", "https": "^1.0.0", "querystring": "^0.2.0", "ws": "^7.3.1", "extend": "^3.0.2", - "uuid": "^8.1.0" + "uuid": "^8.2.0" }, "devDependencies": { "@alcalzone/release-script": "^1.6.0"