Merge pull request OWASP#226 from rcowsill/fix/225-research-dos

Fix crash when research page server-side request fails
dylanbthomas · Feb 7, 2021 · e2dffdb · e2dffdb
2 parents 812bfd7 + 4a4d1db
commit e2dffdb
Showing 1 changed file with 10 additions and 7 deletions.
diff --git a/app/routes/research.js b/app/routes/research.js
@@ -1,5 +1,5 @@
 const ResearchDAO = require("../data/research-dao").ResearchDAO;
-const needle = require('needle');
+const needle = require("needle");
 const {
     environmentalScripts
 } = require("../../config/config");
@@ -13,14 +13,17 @@ function ResearchHandler(db) {
 
         if (req.query.symbol) {
             const url = req.query.url + req.query.symbol;
-            return needle.get(url, (error, newResponse) => {
-                if (!error && newResponse.statusCode == 200)
+            return needle.get(url, (error, newResponse, body) => {
+                if (!error && newResponse.statusCode === 200) {
                     res.writeHead(200, {
-                        'Content-Type': 'text/html'
+                        "Content-Type": "text/html"
                     });
-                res.write('<h1>The following is the stock information you requested.</h1>\n\n');
-                res.write('\n\n');
-                res.write(newResponse.body);
+                }
+                res.write("<h1>The following is the stock information you requested.</h1>\n\n");
+                res.write("\n\n");
+                if (body) {
+                    res.write(body);
+                }
                 return res.end();
             });
         }