middleware to prevent path traversal attempts (#9554)

dust-tt · Dec 20, 2024 · 9f7e42d · 9f7e42d
1 parent 7d5808f
commit 9f7e42d
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/front/middleware.ts b/front/middleware.ts
@@ -0,0 +1,16 @@
+import type { NextRequest } from "next/server";
+import { NextResponse } from "next/server";
+
+export function middleware(request: NextRequest) {
+  // Detect path traversal attempts
+  const url = request.nextUrl.pathname;
+  if (url.includes("../") || url.includes("..%2F") || url.includes("..%5C")) {
+    return new NextResponse(null, { status: 400 });
+  }
+
+  return NextResponse.next();
+}
+
+export const config = {
+  matcher: "/:path*",
+};