fix Uncontrolled data used in path expression
TarradeMarc committed Mar 22, 2024
1 parent 51b1fb3 commit abaf6af
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions configmanager/server.js
@@ -14,9 +14,9 @@ app.get('/:namespace/:application', (req, res) => {
res.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
res.setHeader("Content-Security-Policy", "script-src 'self'");
const { namespace, application } = req.params;
const filePath = path.normalize(`/data/cad-${namespace}-${application}.json`).replace(/^(\.\.(\/|\\|$))+/, '');
const filePath = fs.realpathSync(path.normalize(`${__dirname}/data/cad-${namespace}-${application}.json`).replace(/^(\.\.(\/|\\|$))+/, ''));
const defaultFilePath = `/data/cad-default.json`;

// Check if the file exists
fs.access(filePath, fs.constants.F_OK, (err) => {
if (err) {
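Review bot: `fs.realpathSync` on the new `filePath` line throws when the requested file does not exist, so the `fs.access` check below it can no longer reach its `if (err)` branch for a missing file and the handler throws instead. The path-containment concern named in the commit title also remains open: the leading-`..` strip in `.replace(...)` cannot match a path that now begins with `__dirname`, and nothing verifies that the resolved path stays inside the data directory. I would validate `namespace` and `application` against an allow-list pattern, resolve inside a `try`/`catch` that lets `ENOENT` fall through to the existing check, and reject any result outside the data directory, as sketched below. `filePath` is now built under `${__dirname}/data` while `defaultFilePath` is still `/data/cad-default.json`; if that split is not intended, one of the two should change. The handler body continues outside the hunk.

```javascript
const { namespace, application } = req.params;
// Allow-list the route parameters; adjust the pattern to the names the project actually permits.
const SAFE_SEGMENT = /^[A-Za-z0-9_-]+$/;
if (!SAFE_SEGMENT.test(namespace) || !SAFE_SEGMENT.test(application)) {
  return res.status(400).send('Invalid namespace or application');
}
const dataDir = path.join(__dirname, 'data');
let filePath = path.join(dataDir, `cad-${namespace}-${application}.json`);
try {
  // Resolve symlinks on both sides, then confirm the target is still inside the data directory.
  const resolvedDir = fs.realpathSync(dataDir);
  filePath = fs.realpathSync(filePath);
  if (!filePath.startsWith(resolvedDir + path.sep)) {
    return res.status(400).send('Invalid namespace or application');
  }
} catch (err) {
  // A missing file is expected: fall through so the fs.access check can pick the default.
  if (err.code !== 'ENOENT') throw err;
}
// … unchanged: defaultFilePath and the fs.access existence check …
```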