Fix CVE-2024-46256 and CVE-2024-46257

- Schema validate against bad domain characters
- Integration test for CVE POC examples
- Cypress rewrite of plugins for file upload

backend/schema/paths/nginx/certificates/post.json

@@ -72,6 +72,26 @@
 					}
 				}
 			}
+		},
+		"400": {
+			"description": "400 response",
+			"content": {
+				"application/json": {
+					"examples": {
+						"default": {
+							"value": {
+								"error": {
+									"code": 400,
+									"message": "Domains are invalid"
+								}
+							}
+						}
+					},
+					"schema": {
+						"$ref": "../../../components/error.json"
+					}
+				}
+			}
 		}
 	}
 }

backend/schema/paths/nginx/certificates/validate/post.json

@@ -50,6 +50,42 @@
 								"certificate_key": true
 							}
 						}
+					},
+					"schema": {
+						"type": "object",
+						"additionalProperties": false,
+						"required": ["certificate", "certificate_key"],
+						"properties": {
+							"certificate": {
+								"type": "object",
+								"additionalProperties": false,
+								"required": ["cn", "issuer", "dates"],
+								"properties": {
+									"cn": {
+										"type": "string"
+									},
+									"issuer": {
+										"type": "string"
+									},
+									"dates": {
+										"type": "object",
+										"additionalProperties": false,
+										"required": ["from", "to"],
+										"properties": {
+											"from": {
+												"type": "integer"
+											},
+											"to": {
+												"type": "integer"
+											}
+										}
+									}
+								}
+							},
+							"certificate_key": {
+								"type": "boolean"
+							}
+						}
 					}
 				}
 			}
@@ -67,6 +103,9 @@
 								}
 							}
 						}
+					},
+					"schema": {
+						"$ref": "../../../../components/error.json"
 					}
 				}
 			}

backend/schema/paths/nginx/dead-hosts/hostID/disable/post.json

@@ -50,7 +50,7 @@
 						}
 					},
 					"schema": {
-						"$ref": "../../../../../components/error-object.json"
+						"$ref": "../../../../../components/error.json"
 					}
 				}
 			}

backend/schema/paths/nginx/dead-hosts/hostID/enable/post.json

@@ -50,7 +50,7 @@
 						}
 					},
 					"schema": {
-						"$ref": "../../../../../components/error-object.json"
+						"$ref": "../../../../../components/error.json"
 					}
 				}
 			}

backend/schema/paths/nginx/proxy-hosts/hostID/disable/post.json

@@ -50,7 +50,7 @@
 						}
 					},
 					"schema": {
-						"$ref": "../../../../../components/error-object.json"
+						"$ref": "../../../../../components/error.json"
 					}
 				}
 			}

backend/schema/paths/nginx/proxy-hosts/hostID/enable/post.json

@@ -50,7 +50,7 @@
 						}
 					},
 					"schema": {
-						"$ref": "../../../../../components/error-object.json"
+						"$ref": "../../../../../components/error.json"
 					}
 				}
 			}

backend/schema/paths/nginx/redirection-hosts/hostID/disable/post.json

@@ -50,7 +50,7 @@
 						}
 					},
 					"schema": {
-						"$ref": "../../../../../components/error-object.json"
+						"$ref": "../../../../../components/error.json"
 					}
 				}
 			}

backend/schema/paths/nginx/redirection-hosts/hostID/enable/post.json

@@ -50,7 +50,7 @@
 						}
 					},
 					"schema": {
-						"$ref": "../../../../../components/error-object.json"
+						"$ref": "../../../../../components/error.json"
 					}
 				}
 			}

backend/schema/paths/nginx/streams/streamID/disable/post.json

@@ -50,7 +50,7 @@
 						}
 					},
 					"schema": {
-						"$ref": "../../../../../components/error-object.json"
+						"$ref": "../../../../../components/error.json"
 					}
 				}
 			}

backend/schema/paths/nginx/streams/streamID/enable/post.json

@@ -50,7 +50,7 @@
 						}
 					},
 					"schema": {
-						"$ref": "../../../../../components/error-object.json"
+						"$ref": "../../../../../components/error.json"
 					}
 				}
 			}