Refactor WebSocket upgrade key generation for improved security

This commit updates the `testWebSocket.js` and `testWebSocketApache.js` scripts to enhance the generation of the Sec-WebSocket-Key. The key is now generated using a secure method that allocates 16 bytes of random data, ensuring compliance with WebSocket protocol requirements. This change improves the robustness of WebSocket upgrade requests in both scripts.
Torsten Schulz (local)
2025-11-16 00:02:55 +01:00
parent bbdc923950
commit bd95f77131
2 changed files with 14 additions and 4 deletions


@@ -75,7 +75,12 @@ pollingReq.setTimeout(5000, () => {
function testWebSocketUpgrade(host, port, sessionId) {
// WebSocket-Upgrade-Request
const wsKey = Buffer.from(Math.random().toString()).toString('base64').substring(0, 16);
// Sec-WebSocket-Key muss 16 Bytes (128 Bits) sein, base64-encoded
const wsKey = Buffer.allocUnsafe(16);
for (let i = 0; i < 16; i++) {
wsKey[i] = Math.floor(Math.random() * 256);
}
const wsKeyBase64 = wsKey.toString('base64');
const path = sessionId
? `/socket.io/?EIO=4&transport=websocket&sid=${sessionId}`
: '/socket.io/?EIO=4&transport=websocket';
@@ -88,7 +93,7 @@ function testWebSocketUpgrade(host, port, sessionId) {
headers: {
'Upgrade': 'websocket',
'Connection': 'Upgrade',
'Sec-WebSocket-Key': wsKey,
'Sec-WebSocket-Key': wsKeyBase64,
'Sec-WebSocket-Version': '13',
'Sec-WebSocket-Protocol': 'chat, superchat'
}
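Review bot: The new key bytes are still drawn from `Math.random()`, which is not a cryptographically secure generator, so the change fixes the key length (16 bytes before base64 encoding) but not the randomness source that the commit message describes as secure. Replacing the `Buffer.allocUnsafe(16)` allocation and fill loop with `const wsKeyBase64 = crypto.randomBytes(16).toString('base64');` yields an unpredictable nonce and removes the reliance on the loop overwriting every byte of an uninitialised buffer. That line needs Node's built-in `crypto` module in scope; whether the script already imports it is not visible here. The same code is added in the second file's `testWebSocketUpgrade(baseUrl, sessionId, useHttps)` hunk, and in both files the function body continues outside the hunks.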


@@ -77,7 +77,12 @@ pollingReq.setTimeout(10000, () => {
function testWebSocketUpgrade(baseUrl, sessionId, useHttps) {
// WebSocket-Upgrade-Request
const wsKey = Buffer.from(Math.random().toString()).toString('base64').substring(0, 16);
// Sec-WebSocket-Key muss 16 Bytes (128 Bits) sein, base64-encoded
const wsKey = Buffer.allocUnsafe(16);
for (let i = 0; i < 16; i++) {
wsKey[i] = Math.floor(Math.random() * 256);
}
const wsKeyBase64 = wsKey.toString('base64');
const path = sessionId
? `/socket.io/?EIO=4&transport=websocket&sid=${sessionId}`
: `/socket.io/?EIO=4&transport=websocket`;
@@ -91,7 +96,7 @@ function testWebSocketUpgrade(baseUrl, sessionId, useHttps) {
headers: {
'Upgrade': 'websocket',
'Connection': 'Upgrade',
'Sec-WebSocket-Key': wsKey,
'Sec-WebSocket-Key': wsKeyBase64,
'Sec-WebSocket-Version': '13',
'Sec-WebSocket-Protocol': 'chat, superchat',
'Origin': baseUrl