fix an issue in the path handling that allowed directory traversal
devoidfury authored and JohnMcLear committed Apr 11, 2015
1 parent b95395a commit 5409eb3
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions src/node/hooks/express/tests.js
Expand Up @@ -23,15 +23,19 @@ exports.expressCreateServer = function (hook_name, args, cb) {

});

var rootTestFolder = path.join(npm.root, "..", "/tests/frontend/");
var url2FilePath = function(url){
var subPath = url.substr("/tests/frontend".length);
if (subPath == ""){
subPath = "index.html"
}
subPath = subPath.split("?")[0];

var filePath = path.normalize(npm.root + "/../tests/frontend/")
filePath += subPath.replace("..", "");
var filePath = path.normalize(path.join(rootTestFolder, subPath));
// make sure we jail the paths to the test folder, otherwise serve index
if (filePath.indexOf(rootTestFolder) !== 0) {
filePath = path.normalize(path.join(rootTestFolder, "index.html"));
}
return filePath;
}

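Review bot: The jail check at `if (filePath.indexOf(rootTestFolder) !== 0)` is only sound because `rootTestFolder` keeps its trailing separator through `path.join`; without it a sibling directory whose name merely starts with `frontend` would pass the prefix test, so that dependency deserves a comment, e.g. `// rootTestFolder ends with a separator, so the prefix test cannot match a sibling directory`. The check also runs on the raw request path: if whatever consumes `filePath` outside this hunk percent-decodes it, the decoded form is never compared against the root, so decoding (or rejecting encoded separators) before `path.normalize` would be safer — worth confirming against the caller. A rejected path is currently mapped to `index.html` without a trace; logging the rejected `url` before falling back would make such requests visible in the server logs. The enclosing `exports.expressCreateServer` callback starts above the hunk and continues below it.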

1 comment on commit 5409eb3


@fgeek fgeek commented on 5409eb3 May 27, 2015


This fixes CVE-2015-4085.
