Use 400 error on URI decode failure instead of 500

closes #85
closes #88
Joonas Rouhiainen
2018-08-22 23:13:14 +03:00
committed by Douglas Christopher Wilson
parent 32b7a1adec
commit d3ee7d8f55
3 changed files with 31 additions and 2 deletions


@@ -2,6 +2,7 @@ unreleased
==========
* Show font icon for more font types
* Use 400 error on URI decode failure instead of 500
* deps: accepts@~1.3.5
- deps: mime-types@~2.1.18
* deps: http-errors@~1.7.2


@@ -107,10 +107,14 @@ function serveIndex(root, options) {
return;
}
// get dir
var dir = getRequestedDir(req)
// bad request
if (dir === null) return next(createError(400))
// parse URLs
var url = parseUrl(req);
var originalUrl = parseUrl.original(req);
var dir = decodeURIComponent(url.pathname);
var originalDir = decodeURIComponent(originalUrl.pathname);
// join / normalize from root dir
@@ -327,6 +331,22 @@ function fileSort(a, b) {
String(a.name).toLocaleLowerCase().localeCompare(String(b.name).toLocaleLowerCase());
}
/**
* Get the requested directory from request.
*
* @param req
* @return {string}
* @api private
*/
function getRequestedDir (req) {
try {
return decodeURIComponent(parseUrl(req).pathname)
} catch (e) {
return null
}
}
/**
* Map html `dir`, returning a linked path.
*/
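Review bot: The `decodeURIComponent(originalUrl.pathname)` call that stays in `serveIndex` right after the new `dir === null` guard is still outside any try/catch, so a URIError thrown there would presumably still surface as a 500 rather than the 400 this commit aims for. This only matters if `req.originalUrl` can fail to decode while `req.url` decodes (for instance when an earlier middleware rewrote `req.url`), which is not visible here and should be confirmed. Consider making the helper take a pathname so both values go through the same guarded decode, e.g. a hypothetical `decodePathname(pathname)` used as `var originalDir = decodePathname(originalUrl.pathname)` followed by `if (originalDir === null) return next(createError(400))`. Separately, the JSDoc on `getRequestedDir` declares `@return {string}` while the catch branch returns `null`; `@return {string|null}` plus a line saying that `null` means the path did not decode would match the code. The body of `serveIndex` starts and ends outside the hunk.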


@@ -76,6 +76,14 @@ describe('serveIndex(root)', function () {
.expect(400, done)
})
it('should deny path that does not decode', function (done) {
var server = createServer()
request(server)
.head('/%FF')
.expect(400, done)
})
it('should deny path outside root', function (done) {
var server = createServer()