From b1073ce7b8eacd9fd77bd723080ee1bdbc1e4ff1 Mon Sep 17 00:00:00 2001
From: Deco Vander
Date: Fri, 4 Jul 2025 13:25:25 -0400
Subject: [PATCH] Fix critical security risk: implement complete fallback profanity filter

- Add comprehensive no-op fallback profanity filter with all required methods
- Prevent runtime errors when profanity filter initialization fails
- Add startup logging to clearly indicate profanity filter status
- Include _isFallback property for monitoring and debugging
- Ensure all routes continue to function even with fallback filter
- Maintain security awareness with clear warning messages
---
 server.js | 56 +++++++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 50 insertions(+), 6 deletions(-)

diff --git a/server.js b/server.js
index baa7346..a0a6022 100644
--- a/server.js
+++ b/server.js
@@ -35,14 +35,49 @@ try {
 console.error('Creating fallback no-op profanity filter. ALL CONTENT WILL BE ALLOWED!');
 console.error('This is a security risk - please fix the profanity filter configuration.');
- // Create a fallback no-op profanity filter
+ // Create a fallback no-op profanity filter that matches the full ProfanityFilter interface
 profanityFilter = {
+ // Core profanity checking methods
 checkText: () => ({ isProfane: false, reason: null }),
- addWord: () => Promise.resolve({ success: false, error: 'Profanity filter not available' }),
- removeWord: () => Promise.resolve({ success: false, error: 'Profanity filter not available' }),
- getWords: () => Promise.resolve([]),
- testText: () => Promise.resolve({ isProfane: false, detectedWords: [], filteredText: '' }),
- close: () => {}
+ containsProfanity: () => false,
+ analyzeProfanity: (text) => ({
+ hasProfanity: false,
+ matches: [],
+ severity: 'none',
+ count: 0,
+ filtered: text || ''
+ }),
+ filterProfanity: (text) => text || '',
+
+ // Database management methods used by admin routes
+ addCustomWord: (word, severity, category, createdBy) => Promise.resolve({
+ success: false,
+ error: 'Profanity filter not available - please check server configuration'
+ }),
+ removeCustomWord: (wordId) => Promise.resolve({
+ success: false,
+ error: 'Profanity filter not available - please check server configuration'
+ }),
+ updateCustomWord: (wordId, updates) => Promise.resolve({
+ success: false,
+ error: 'Profanity filter not available - please check server configuration'
+ }),
+ getCustomWords: () => Promise.resolve([]),
+ loadCustomWords: () => Promise.resolve(),
+
+ // Utility methods
+ getAllWords: () => [],
+ getSeverity: () => 'none',
+ getSeverityLevel: () => 0,
+ getSeverityName: () => 'none',
+ normalizeText: (text) => text || '',
+ buildPatterns: () => [],
+
+ // Cleanup method
+ close: () => {},
+
+ // Special property to identify this as a fallback filter
+ _isFallback: true
 };
 console.warn('⚠️ SECURITY WARNING: Profanity filtering is DISABLED due to initialization failure!');
@@ -151,6 +186,15 @@ app.listen(PORT, () => {
 console.log('Great Lakes Ice Report server started');
 console.log(`Listening on port ${PORT}`);
 console.log(`Visit http://localhost:${PORT} to view the website`);
+
+ // Display profanity filter status
+ if (profanityFilter._isFallback) {
+ console.log('🚨 PROFANITY FILTER: DISABLED (FALLBACK MODE)');
+ console.log('⚠️ ALL USER CONTENT WILL BE ALLOWED!');
+ } else {
+ console.log('✅ PROFANITY FILTER: ACTIVE AND FUNCTIONAL');
+ }
+ console.log('===========================================');
 });
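Review bot: The fallback object still fails open: the added `containsProfanity: () => false`, `analyzeProfanity` and `filterProfanity` (like the unchanged `checkText`) report every input as clean, so an initialization failure silently turns moderation off for all user content, and the only trace callers get is the `_isFallback` flag. For a content control the safer default is to fail closed, for example `containsProfanity: () => true,` with `checkText` returning `{ isProfane: true, reason: 'Profanity filter not available' }`, so submissions are rejected until the filter is repaired; running unfiltered should be an explicit operator decision rather than the automatic result of an error. The object also hand-copies the ProfanityFilter method list, so a method added to the real class later will be missing here again; a small test comparing the two sets of keys would catch that drift. The enclosing try/catch starts above the hunk, so the failure path itself is not visible here.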
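Review bot: The disabled-filter branch in the `app.listen` callback logs with `console.log`, so the message operators most need goes to stdout at the same level as the startup banner, while the catch block earlier in this patch uses `console.error` and `console.warn` for the same condition. I would write `console.error('🚨 PROFANITY FILTER: DISABLED (FALLBACK MODE)');` and `console.error('⚠️ ALL USER CONTENT WILL BE ALLOWED!');` so that level-based log alerting picks it up. The else branch prints 'ACTIVE AND FUNCTIONAL', but the only thing tested is that `_isFallback` is not set; 'ACTIVE' alone would claim no more than the code verifies. The callback begins above the hunk.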