Главная Обзор Помощь
Вход
contracts
/
denet-node-server
2
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Дерево: 608094dabf
Ветки Метки
denet-node-s...
/
node_modules
/
resolve-path
DevYK 8466310f0c update README.md 3 лет назад
..
node_modules 8466310f0c update README.md 3 лет назад
HISTORY.md 8466310f0c update README.md 3 лет назад
LICENSE 8466310f0c update README.md 3 лет назад
README.md 8466310f0c update README.md 3 лет назад
index.js 8466310f0c update README.md 3 лет назад
package.json 8466310f0c update README.md 3 лет назад

README.md

resolve-path

NPM Version NPM Downloads Node.js Version Linux Build Windows Build Test Coverage

Resolve a relative path against a root path with validation.

This module would protect against commons attacks like GET /../file.js which reaches outside the root folder.

Installation

This is a Node.js module available through the npm registry. Installation is done using the npm install command:

$ npm install resolve-path

API

var resolvePath = require('resolve-path')

resolvePath(relativePath)

Resolve a relative path against process.cwd() (the process's current working directory) and return an absolute path. This will throw if the resulting resolution seems malicious. The following are malicious:

  • The relative path is an absolute path
  • The relative path contains a NULL byte
  • The relative path resolves to a path outside of process.cwd()
  • The relative path traverses above process.cwd() and back down

resolvePath(rootPath, relativePath)

Resolve a relative path against the provided root path and return an absolute path. This will throw if the resulting resolution seems malicious. The following are malicious:

  • The relative path is an absolute path
  • The relative path contains a NULL byte
  • The relative path resolves to a path outside of the root path
  • The relative path traverses above the root and back down

Example

Safely resolve paths in a public directory

var http = require('http')
var parseUrl = require('parseurl')
var path = require('path')
var resolvePath = require('resolve-path')

// the public directory
var publicDir = path.join(__dirname, 'public')

// the server
var server = http.createServer(function onRequest (req, res) {
  try {
    // get the pathname from the URL (decoded)
    var pathname = decodeURIComponent(parseUrl(req).pathname)

    if (!pathname) {
      res.statusCode = 400
      res.end('path required')
      return
    }

    // remove leading slash
    var filename = pathname.substr(1)

    // resolve the full path
    var fullpath = resolvePath(publicDir, filename)

    // echo the resolved path
    res.statusCode = 200
    res.end('resolved to ' + fullpath)
  } catch (err) {
    res.statusCode = err.status || 500
    res.end(err.message)
  }
})

server.listen(3000)

License

MIT