Command injection causes Heroku to die [🐛]
🐛 Bug report
Description
The Heroku instance dies if process.exit() is injected in the request URL. While this issue isn’t particular to Juice Shop’s source code, the Node Goat project is great at recovering from such a crash (it recovers instantly).
Is this a regression?
I’m not sure. It’s a problem inherent to Heroku’s instance.
🔬 Minimal Reproduction
- Go to:
https://juice-shop.herokuapp.com/rest/products/1/reviews
- Replace with:
https://juice-shop.herokuapp.com/rest/products/process.exit()/reviews
App dies for everyone >10 minutes!
Issue Analytics
- State:
- Created 4 years ago
- Reactions: 1
- Comments: 8 (5 by maintainers)
Top GitHub Comments
/rest/products/global['proc'+'ess']['ex'+'it']()/reviews
😉
This thread has been automatically locked because it has not had recent activity after it was closed. 🔒 Please open a new issue for regressions or related bugs.
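Added example (not part of the original issue or of Juice Shop's code): the request paths quoted in this thread, checked against a substring blocklist and against an allowlist that accepts only a decimal product id before the value goes anywhere else. The function names are hypothetical, and it assumes product ids are positive integers, as in the `/rest/products/1/reviews` URL above.

```javascript
// Added example; all function names here are hypothetical.

// Pull the raw id segment out of /rest/products/<id>/reviews, URL-decoded.
function idSegment(path) {
  const m = /^\/rest\/products\/([^/]*)\/reviews$/.exec(path);
  if (!m) return null;
  try {
    return decodeURIComponent(m[1]);
  } catch {
    return null; // malformed percent-encoding
  }
}

// Weak check: reject segments containing a known-bad substring.
function naiveBlocklist(segment) {
  return !/process\.exit/i.test(segment);
}

// Stronger check: accept only what a product id can be (assumed: positive integer).
function parseProductId(segment) {
  if (typeof segment !== 'string' || !/^[1-9][0-9]{0,9}$/.test(segment)) return null;
  return Number(segment);
}

// Request paths taken from the thread above.
const samples = [
  '/rest/products/1/reviews',
  '/rest/products/process.exit()/reviews',
  "/rest/products/global['proc'+'ess']['ex'+'it']()/reviews",
];

// For each path: does the blocklist let it through, and what id does the allowlist yield?
function report() {
  return samples.map((path) => {
    const segment = idSegment(path);
    return {
      path,
      blocklistAccepts: segment !== null && naiveBlocklist(segment),
      allowlistId: parseProductId(segment),
    };
  });
}

console.table(report());
```

The blocklist accepts the concatenated form from the last comment, while the allowlist returns `null` for both non-numeric paths, so a handler can answer 400 without passing the segment on.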