
Commit

Block malicious looking requests to prevent path traversal attacks.
Co-Authored-By: Jafar Akhondali <jafar.akhoondali@gmail.com>
sisou and JafarAkhondali committed Sep 16, 2024
1 parent 4e68e59 commit 91def32
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions serve.js
Expand Up @@ -75,6 +75,11 @@ var http = require("http"),
};

http.createServer(function(request, response) {
if (path.normalize(decodeURI(request.url)) !== decodeURI(request.url)) {
response.statusCode = 403;
response.end();
return;
}

var uri = url.parse(request.url).pathname,
filename = path.join(process.cwd(), uri);
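
Review bot: the new guard at the top of the request handler validates a different string from the one that is used afterwards: it normalizes `decodeURI(request.url)` (the whole URL, query string included), while `filename` is built from the undecoded `url.parse(request.url).pathname`. Suggest deriving the pathname once, decoding it inside a try/catch (`decodeURI` throws `URIError` on malformed percent-escapes and nothing here catches it), and then checking the result of the join rather than the input, for example that `path.resolve(process.cwd(), '.' + pathname)` still starts with `process.cwd() + path.sep`. Two side effects of the string comparison as written: a legitimate request whose query string contains `/../` or `//` is answered with 403, and on Windows `path.normalize` rewrites `/` to `\`, so every request would fail the comparison. A one-line comment stating why the handler returns 403 here would also help the next reader.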