fix security vulnerability
Jesse Keane committed Feb 1, 2018
1 parent 7e69a55 commit 8cfd88e
Showing 6 changed files with 3,499 additions and 4 deletions.
61 changes: 61 additions & 0 deletions .gitignore
@@ -0,0 +1,61 @@
# Logs
logs
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*

# Runtime data
pids
*.pid
*.seed
*.pid.lock

# Directory for instrumented libs generated by jscoverage/JSCover
lib-cov

# Coverage directory used by tools like istanbul
coverage

# nyc test coverage
.nyc_output

# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
.grunt

# Bower dependency directory (https://bower.io/)
bower_components

# node-waf configuration
.lock-wscript

# Compiled binary addons (https://nodejs.org/api/addons.html)
build/Release

# Dependency directories
node_modules/
jspm_packages/

# Typescript v1 declaration files
typings/

# Optional npm cache directory
.npm

# Optional eslint cache
.eslintcache

# Optional REPL history
.node_repl_history

# Output of 'npm pack'
*.tgz

# Yarn Integrity file
.yarn-integrity

# dotenv environment variables file
.env

# next.js build output
.next
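Review bot: Split this new .gitignore out of the security fix into its own commit. It is a generic Node template (entries such as `.next`, `bower_components` and `.grunt`) with no bearing on the directory check, and together with the rest of the 3,499 additions it buries the five lines in index.js that anyone auditing or backporting the fix needs to find.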
9 changes: 5 additions & 4 deletions .travis.yml
@@ -1,6 +1,7 @@
language: node_js
node_js:
- "4.0"
- "0.12"
- "0.11"
- "0.10"
- node
- lts/*
- 8
- 6
- 4
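Review bot: The Node version list changes in the same commit as the security fix, which makes it unclear which runtimes the fix was actually tested on; move the CI matrix update to a separate commit. If the `"0.10"` to `"0.12"` and `"4.0"` entries are being retired, say so in the commit message, because users on those versions will otherwise assume the patched release still covers them. `lts/*` and a pinned major resolve to the same release whenever that major is the current LTS, so one style or the other is enough.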
5 changes: 5 additions & 0 deletions index.js
Expand Up @@ -70,6 +70,11 @@ Glance.prototype.serveRequest = function Glance$serveRequest (req, res) {
request.method = req.method.toLowerCase()
request.response = res

// prevent traversing directories that are parents of the root
if (request.fullPath.slice(0, self.dir.length) !== self.dir) {
return self.emit('error', 403, request, res)
}

if (request.method !== 'get') {
return self.emit('error', 405, request, res)
}
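Review bot: The prefix comparison `request.fullPath.slice(0, self.dir.length) !== self.dir` has no path-separator boundary, so a sibling directory whose name merely begins with the root's name (for example root `/srv/www` and sibling `/srv/www-old`) still passes the check. Compare against `self.dir` plus a trailing separator while still allowing exact equality with the root, or compute `path.relative(self.dir, request.fullPath)` and reject results that start with `..` or are absolute. The check also only holds if `request.fullPath` is already decoded, resolved and normalized at this point, which the hunk does not show; confirm that, and add a regression test for a request that climbs above the root and for one that targets a same-prefix sibling.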