Wrongly closed: Fixed path traversal vulnerability when symlinking directories

[alromh87]

📊 Metadata *

Still valid as it fixes a Vulnerability after proposed fix #2

Creating a symlink to a directory could allow acces to system files, proposed fix handles symlinked files but not directories

Bounty URL: https://www.huntr.dev/bounties/2-npm-superstatic

⚙️ Description *

Path is tested for symlinked directories, in case it is request is denied

💻 Technical Description *

If symlink filter is enabled and file is not symlink every directory in the path, starting from base directory, is tested to be symlink, in positive case request is denied

🐛 Proof of Concept (PoC) *

1)Install the Superstatic module
$ npm install -g superstatic

2)Make a directory
$ mkdir test

3)Go to 'test' directory
$ cd test

4)create a symlink file to directory
ln -s /etc/ 'dirname'

5)Run Superstatic module
$ Superstatic

6)Request the file within browser
http://localhost:3474/'dirname'/'regularfile'
http://localhost:3474/poc/passwd

7)Content of file is returned to browser

🔥 Proof of Fix (PoF) *

After fix error page is shown

👍 User Acceptance Testing (UAT)

Original functionality unafected

[Mik317]

LGTM 😄 🎉
Please consider it's not a bypass of #2 since it was a fix referred to another bounty (npm-superstatic-1) 😉

Cheers,
Mik

[mufeedvh]

[huntr-helper]

Congratulations alromh87 - your fix has been selected! 🎉

Thanks for being part of the community & helping secure the world's open source code.
If you have any questions, please respond in the comments section, or hit us up on Discord. Your bounty is on its way - keep hunting!

Come join us on Discord