UNPKG

angular-http-server

Version:

Simple http server for developers of apps with client side routing

github.com/simonh1000/angular-http-server

simonh1000/angular-http-server

103 lines (90 loc) 3.32 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
const path = require('path'); const getFilePathFromUrl = require('./get-file-path-from-url'); describe('getFilePathFromUrl', () => { const VALID_PATHS = [ // normal inputs '/index.html', '/beach.js?_=1236363', '/static/beach.jpg', '/VERSION', // common false-positives '/./index.html', '/a.weird.folder/file.css', '/a..weirder..folder/file.js', '/.valid/test.zip', '/..valid/test.zip', '/......a/dots.jpg', ]; const INVALID_PATHS = [ // directories '/', '/../', '/static/', // traversal within base path '/../output/index.html', '/static/../index.html', // traversal out of base path '/..', '/../static/file.png', '/../../../../sys/passwd', // https://hackerone.com/reports/309120 ]; function testInvalidBasePaths(pathLib, relativePaths) { const input = VALID_PATHS[0]; it('should throw an error if the basePath is undefined', () => { expect(() => getFilePathFromUrl(input, undefined, { pathLib })).to.throw('basePath must be specified'); }); context('where basePath is not absolute', () => { relativePaths.forEach((basePath) => { it(`should throw an error if basePath = ${basePath}`, () => { expect(() => getFilePathFromUrl(input, basePath, { pathLib })).to.throw('must be absolute'); }); }); }); } function testValidBasePaths(pathLib, basePaths) { basePaths.forEach((basePath) => { context(`where basePath = ${basePath}`, () => { function createTest(input, expected) { it(`should return "${expected}" given input "${input}"`, () => { expect(getFilePathFromUrl(input, basePath, { pathLib })).to.equal(expected); }); } VALID_PATHS.forEach((testPath) => { const expected = pathLib.join(basePath, testPath).split('?')[0]; createTest(testPath, expected); }); INVALID_PATHS.forEach((testPath) => createTest(testPath, 'dummy')); }); }); } function testWithBaseHref(pathLib, basePath) { const baseHref = 'myapp'; context (`where baseHref = "${baseHref}" and basePath = "${basePath}"`, () => { function createTest(input, expected) { it(`should return "${expected}" given input "${input}"`, () => { expect(getFilePathFromUrl(input, basePath, { pathLib, baseHref})).to.equal(expected) }); } function expectPath(input, expected) { createTest(input, pathLib.join(basePath, expected).split('?')[0]); } function expectDummy(input, expected) { createTest(input, 'dummy'); } expectPath('/myapp/test.js', 'test.js'); expectDummy('/test.js'); }); } context('on a Windows system', () => { const pathLib = path.win32; testInvalidBasePaths(pathLib, ['dist\\output', '.\\', '.', '.\\serve']); testValidBasePaths(pathLib, ['C:\\', 'C:\\project', 'C:\\project\\serve\\output']); testWithBaseHref(pathLib, 'C:\\project'); }); context('on a POSIX system', () => { const pathLib = path.posix; testInvalidBasePaths(pathLib, ['dist/output', './', '.', './serve']); testValidBasePaths(pathLib, ['/', '/home', '/home/user/project/serve/output']); testWithBaseHref(pathLib, '/home/user/project'); }); });