fix: Validate push notification payload; fixes a security vulnerability in which the adapter can crash Parse Server due to an invalid push notification payload (#217)

Author: mtrezza

spec/APNS.spec.js

@@ -104,7 +104,7 @@ describe('APNS', () => {
 
     var prodApnsConnection = apns.providers[0];
     expect(prodApnsConnection.index).toBe(0);
-    
+
     // TODO: Remove this checking onec we inject APNS
     var prodApnsOptions = prodApnsConnection.client.config;
     expect(prodApnsOptions.cert).toBe(args[1].cert);
@@ -239,7 +239,7 @@ describe('APNS', () => {
     expect(notification.pushType).toEqual('alert');
     done();
   });
-  
+
   it('can generate APNS notification from raw data', (done) => {
       //Mock request data
       let data = {
@@ -259,17 +259,17 @@ describe('APNS', () => {
       let collapseId = "collapseIdentifier";
       let pushType = "background";
       let priority = 5;
-  
+
       let notification = APNS._generateNotification(data, { expirationTime: expirationTime, collapseId: collapseId, pushType: pushType, priority: priority });
-  
+
       expect(notification.expiry).toEqual(Math.round(expirationTime / 1000));
       expect(notification.collapseId).toEqual(collapseId);
       expect(notification.pushType).toEqual(pushType);
       expect(notification.priority).toEqual(priority);
-  
+
       let stringifiedJSON = notification.compile();
       let jsonObject = JSON.parse(stringifiedJSON);
-  
+
       expect(jsonObject.aps.alert).toEqual({ "loc-key" : "GAME_PLAY_REQUEST_FORMAT", "loc-args" : [ "Jenna", "Frank"] });
       expect(jsonObject.aps.badge).toEqual(100);
       expect(jsonObject.aps.sound).toEqual('test');
@@ -315,6 +315,20 @@ describe('APNS', () => {
     done();
   });
 
+  it('does log on invalid APNS notification', async () => {
+    const args = {
+      cert: new Buffer('testCert'),
+      key: new Buffer('testKey'),
+      production: true,
+      topic: 'topic'
+    };
+    const log = require('npmlog');
+    const spy = spyOn(log, 'warn');
+    const apns = new APNS(args);
+    apns.send();
+    expect(spy).toHaveBeenCalled();
+  });
+
   it('can send APNS notification', (done) => {
     let args = {
       cert: new Buffer('testCert'),

spec/GCM.spec.js

@@ -10,7 +10,7 @@ function mockSender(gcm) {
         {"error":"InvalidRegistration"},
         {"error":"InvalidRegistration"},
         {"error":"InvalidRegistration"}] }*/
-    
+
     let tokens = options.registrationTokens;
     const response = {
       multicast_id: 7680139367771848000,
@@ -58,6 +58,14 @@ describe('GCM', () => {
     done();
   });
 
+  it('does log on invalid APNS notification', async () => {
+    const log = require('npmlog');
+    const spy = spyOn(log, 'warn');
+    const gcm = new GCM({apiKey: 'apiKey'});
+    gcm.send();
+    expect(spy).toHaveBeenCalled();
+  });
+
   it('can generate GCM Payload without expiration time', (done) => {
     //Mock request data
     var requestData = {

src/APNS.js

@@ -70,7 +70,11 @@ export class APNS {
    * @returns {Object} A promise which is resolved immediately
    */
   send(data, allDevices) {
-    let coreData = data.data;
+    let coreData = data && data.data;
+    if (!coreData || !allDevices || !Array.isArray(allDevices)) {
+      log.warn(LOG_PREFIX, 'invalid push payload');
+      return;
+    }
     let expirationTime = data['expiration_time'] || coreData['expiration_time'];
     let collapseId = data['collapse_id'] || coreData['collapse_id'];
     let pushType = data['push_type'] || coreData['push_type'];

src/GCM.js

@@ -26,6 +26,10 @@ GCM.GCMRegistrationTokensMax = GCMRegistrationTokensMax;
  * @returns {Object} A promise which is resolved after we get results from gcm
  */
 GCM.prototype.send = function(data, devices) {
+  if (!data || !devices || !Array.isArray(devices)) {
+    log.warn(LOG_PREFIX, 'invalid push payload');
+    return;
+  }
   let pushId = randomString(10);
   // Make a new array
   devices=devices.slice(0);