fix: path traversal vuln

2025-10-23 07:41:58 +00:00 · 2025-01-31 01:26:19 -05:00
parent b102cd886f
commit 2acfd21778
1 changed files with 5 additions and 3 deletions
--- a/server.js
+++ b/server.js
@@ -229,6 +229,8 @@ const uploads = new Map();
 // Routes
 app.post('/upload/init', async (req, res) => {
    const { filename, fileSize } = req.body;
+
+    const safeFilename = path.normalize(filename).replace(/^(\.\.(\/|\\|$))+/, '')
    
    // Check file size limit
    if (fileSize > maxFileSize) {
@@ -241,20 +243,20 @@ app.post('/upload/init', async (req, res) => {
    }

    const uploadId = Date.now().toString();
-    const filePath = path.join(uploadDir, filename);
+    const filePath = path.join(uploadDir, safeFilename);
    
    try {
        await ensureDirectoryExists(filePath);
        
        uploads.set(uploadId, {
-            filename,
+            safeFilename,
            filePath,
            fileSize,
            bytesReceived: 0,
            writeStream: fs.createWriteStream(filePath)
        });

-        log.info(`Initialized upload for ${filename} (${fileSize} bytes)`);
+        log.info(`Initialized upload for ${safeFilename} (${fileSize} bytes)`);
        res.json({ uploadId });
    } catch (err) {
        log.error(`Failed to initialize upload: ${err.message}`);