mockaton 8.7.5 → 8.7.6
- package/package.json +1 -1
- package/src/Mockaton.test.js +5 -0
- package/src/StaticDispatcher.js +9 -6
- package/src/config.js +4 -0
package/package.json
CHANGED
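--- a/package/src/Mockaton.test.js
+++ b/package/src/Mockaton.test.js
@@ -500,6 +500,11 @@ export default function (req, response) {
 
 async function testStaticFileServing() {
 await describe('Static File Serving', () => {
+it('404 path traversal', async () => {
+const res = await request('/../../../etc/passwd')
+equal(res.status, 404)
+})
+
 it('Defaults to index.html', async () => {
 const res = await request('/')
 const body = await res.text()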
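Review bot: The new `404 path traversal` case may not exercise the containment guard at all: if the `request` helper (defined outside this hunk) goes through `fetch` or `new URL`, the dot segments in `'/../../../etc/passwd'` are collapsed to `/etc/passwd` before the request leaves the client, and the 404 then only reflects that no such file exists under the static directory. Consider asserting on the guard directly, or sending the path through a client that does not normalise it, and add a case for a sibling directory whose name shares the static directory's prefix, since that is the input a `startsWith` comparison gets wrong. A one-line comment such as `// must be rejected by the staticDir containment check, not by a missing file` would state what the test is meant to prove.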
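--- a/package/src/StaticDispatcher.js
+++ b/package/src/StaticDispatcher.js
@@ -1,4 +1,4 @@
-import { join,
+import { join, resolve } from 'node:path'
 import fs, { readFileSync } from 'node:fs'
 
 import { config } from './config.js'
@@ -8,12 +8,15 @@ import { sendNotFound, sendInternalServerError } from './utils/http-response.js'
 
 
 export function isStatic(req) {
-if (!config.staticDir)
-return false
-if (!isAbsolute(req.url)) // prevent sandbox escape
+if (!config.staticDir || !isWithinStaticDir(req.url))
 return false
 const f = resolvePath(req.url)
-return !config.ignore.test(f)
+return f && !config.ignore.test(f)
+}
+
+function isWithinStaticDir(url) {
+const candidate = resolve(join(config.staticDir, url))
+return candidate.startsWith(config.staticDir)
 }
 
 export async function dispatchStatic(req, response) {
@@ -29,7 +32,7 @@ export async function dispatchStatic(req, response) {
 function resolvePath(url) {
 let candidate = join(config.staticDir, url)
 if (isDirectory(candidate))
-candidate
+candidate = join(candidate, 'index.html')
 if (isFile(candidate))
 return candidate
 }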
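Review bot: The containment test in `isWithinStaticDir` is a bare string-prefix comparison, so a resolved path inside a sibling directory whose name merely begins with the static directory's name (constructed example: static dir `/srv/static`, sibling `/srv/static-old`) still satisfies `candidate.startsWith(config.staticDir)`. Compare on a path boundary instead, for example `return candidate === config.staticDir || candidate.startsWith(config.staticDir + sep)` with `sep` added to the `node:path` import. `resolve` does not follow symlinks, and nothing in these hunks decodes percent-escapes or strips a query string from `req.url`, so whether those are handled before `isStatic` runs cannot be confirmed from here and is worth checking. A short comment on the helper such as `// reject any URL that resolves outside staticDir` would restore the intent that the removed `// prevent sandbox escape` comment carried.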
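--- a/package/src/config.js
+++ b/package/src/config.js
@@ -1,3 +1,4 @@
+import { resolve } from 'node:path'
 import { isDirectory } from './utils/fs.js'
 import { openInBrowser } from './utils/openInBrowser.js'
 import { jsToJsonPlugin } from './MockDispatcherPlugins.js'
@@ -66,6 +67,9 @@ export function setup(options) {
 
 onReady: is(Function)
 })
+
+config.mocksDir = resolve(config.mocksDir)
+config.staticDir = resolve(config.staticDir)
 }
 
 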
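Review bot: After `config.staticDir = resolve(config.staticDir)` the value can no longer be falsy, yet `isStatic` in StaticDispatcher.js still relies on `!config.staticDir` to mean that static serving is switched off. If the option is left unset, `resolve('')` yields the process working directory and `resolve(undefined)` throws, so depending on the default (not visible in this hunk) an unconfigured server would either start serving its working directory or fail inside `setup`. Guarding the assignment, `if (config.staticDir) config.staticDir = resolve(config.staticDir)`, keeps the disabled state intact, and the same question applies to `mocksDir`. `setup` begins above the hunk, so the defaults should be checked there.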