Close security vulnerability in generateRequestHandler()
If mounted without a path (e.g. `app.use(generateRequestHandler())`), this
could reveal unsecured system files via an attack containing parent
directories if the installation directory is not itself secured.
matAtWork committed Mar 7, 2018
1 parent fff70ba commit bfcb809
Showing 3 changed files with 5 additions and 2 deletions.
3 changes: 3 additions & 0 deletions nodent.js
Expand Up @@ -262,6 +262,9 @@ function generateRequestHandler(path, matchRegex, options) {
var compilerOptions = copyObj([NodentCompiler.initialCodeGenOpts,options.compiler]) ;

return function (req, res, next) {
if (req.url.indexOf('..')>=0)
return next() ;

if (cache[req.url]) {
res.setHeader("Content-Type", cache[req.url].contentType);
options.setHeaders && options.setHeaders(res) ;
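Review bot: the new guard at the top of the returned handler blocks traversal only by looking for the literal substring `..` in the raw `req.url`, so it both over-blocks (any request whose filename or query string legitimately contains `..`, such as `foo..bar.js`, now falls through to `next()`) and depends on the URL never being decoded or normalised later in the handler, which this hunk does not show. A more robust fix is to derive the final filesystem path (resolve the mount root joined with the decoded request path) and reject the request unless the result still starts with the root directory, so the check runs on what is actually opened rather than on the string form. Minor: `return next() ;` is an unbraced single-statement `if`, which matches the file's existing style but is easy to misread; a short comment saying why `next()` is the intended fall-through would help future readers.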
2 changes: 1 addition & 1 deletion package-lock.json


2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "nodent",
"version": "3.1.6",
"version": "3.1.7",
"description": "NoDent - Asynchronous Javascript language extensions",
"main": "nodent.js",
"scripts": {
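Review bot: the bump from 3.1.6 to 3.1.7 is the release that carries the security fix described in the commit title, but nothing in this change documents that; add a changelog or release-note entry naming the affected function (`generateRequestHandler()` mounted without a path) and the fixed version, so downstream users can tell that upgrading is security-relevant rather than a routine patch release.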
