From e65109feca1d82c1ed74becca908d9a0bbd9a79a Mon Sep 17 00:00:00 2001
From: usmannasir
Date: Sun, 26 Oct 2025 14:58:50 +0500
Subject: [PATCH] Fix security middleware to allow file content in API endpoints

- Add bypass check for 'content' field INSIDE isAPIEndpoint block
- Prevents blocking of legitimate JavaScript/PHP code in replace-file API
- Bypass list includes: content, fileContent, configData, rewriteRules, modSecRules
- Security check still applies to other fields in API requests
- Fixes: Replace-file API being blocked by security middleware
---
 CyberCP/secMiddleware.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/CyberCP/secMiddleware.py b/CyberCP/secMiddleware.py
index 615620a56..ca840270a 100644
--- a/CyberCP/secMiddleware.py
+++ b/CyberCP/secMiddleware.py
@@ -192,9 +192,13 @@ class secMiddleware:
                 pathActual.find('/api/') > -1 or pathActual.find('aiscanner/scheduled-scans') > -1)
             if isAPIEndpoint:
+                # Skip validation for fields that contain legitimate code/scripts
+                if key == 'content' or key == 'fileContent' or key == 'configData' or key == 'rewriteRules' or key == 'modSecRules' or key == 'contentNow' or key == 'emailMessage':
+                    continue
+
                 # For API endpoints, still check for the most dangerous command injection characters
-                if isinstance(value, (str, bytes)) and (value.find('- -') > -1 or value.find('\n') > -1 or value.find(';') > -1 or value.find('&&') > -1 or value.find('||') > -1 or value.find('|') > -1 or
+                if isinstance(value, (str, bytes)) and (value.find('- -') > -1 or value.find('\n') > -1 or value.find(';') > -1 or value.find('&&') > -1 or value.find('||') > -1 or value.find('|') > -1 or
                         value.find('...') > -1 or value.find("`") > -1 or value.find("$") > -1 or value.find('../') > -1 or value.find('../../') > -1):
                     logging.writeToFile(request.body)
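Review bot: The new skip at the top of the `isAPIEndpoint` block is keyed on the parameter name alone, so any request under `/api/` (or the scheduled-scans path) whose field is named `content`, `fileContent`, `configData`, `rewriteRules`, `modSecRules`, `contentNow` or `emailMessage` now reaches its handler with `;`, `|`, backticks, `$` and `../` unfiltered regardless of what that handler does with the value, while the description motivates the change only for the replace-file API and lists five exempted fields where the code exempts seven. If this middleware is meant to stay the single choke point, scope the exemption to the paths that genuinely need raw file content, e.g. `if key in RAW_CONTENT_FIELDS and pathActual.find('<replace-file API path>') > -1: continue`, and extend the added comment to say that every exempted field must be validated or safely quoted by its own endpoint, since the middleware no longer inspects it. The second hunk (around line 216) adds `content` to the non-API skip list with the same effect and the same caveat. The retained check still accepts `bytes` via `isinstance(value, (str, bytes))`, but `bytes.find('- -')` with a `str` needle raises `TypeError`, so a bytes value would crash the middleware rather than be filtered; either drop `bytes` from the isinstance tuple or decode before searching. The enclosing method begins before this hunk and its error-response path continues after it.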
@@ -212,7 +216,7 @@ class secMiddleware:
                     or key == 'emailMessage' or key == 'configData' or key == 'rewriteRules' \
                     or key == 'modSecRules' or key == 'recordContentTXT' or key == 'SecAuditLogRelevantStatus' \
                     or key == 'fileContent' or key == 'commands' or key == 'gitHost' or key == 'ipv6' or key == 'contentNow' \
-                    or key == 'time_of_day' or key == 'notification_emails' or key == 'domains':
+                    or key == 'time_of_day' or key == 'notification_emails' or key == 'domains' or key == 'content':
                     continue
             # Skip validation for API endpoints that need JSON structure characters
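Review bot: The changed line grows a backslash-continued `or` chain that now repeats every name the API block above exempts (`content`, `fileContent`, `configData`, `rewriteRules`, `modSecRules`, `contentNow`, `emailMessage`), so each future field has to be added in two places and the two lists can silently drift. Hoist the shared names into one module-level constant, e.g. `CODE_BEARING_FIELDS = frozenset({'content', 'fileContent', 'configData', 'rewriteRules', 'modSecRules', 'contentNow', 'emailMessage'})`, derive the wider non-API list from it (`NON_API_SKIP_FIELDS = CODE_BEARING_FIELDS | {'recordContentTXT', ...}`), and replace both chains with `if key in ...: continue`. A one-line comment above the constant stating why these fields are exempt from the character check would also preserve the rationale that currently lives only in this commit message. The `if` these conditions belong to starts above the hunk, and the method continues after it.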