From e292e2ef9b80cc14a3e5a9865fd6eca1cc6453f3 Mon Sep 17 00:00:00 2001
From: Jafar Akhondali
Date: Tue, 30 Jul 2024 19:13:55 +0200
Subject: [PATCH] Block malicious looking requests to prevent path traversal attacks.
---
 App.js | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/App.js b/App.js
index 4f280d2..0f01a57 100644
--- a/App.js
+++ b/App.js
@@ -198,6 +198,11 @@ const routing = {
 };
 let httpserver, port = 8080;
 httpserver = http.createServer((req, res) => {
+ if (path.normalize(decodeURI(req.url)) !== decodeURI(req.url)) {
+ res.statusCode = 403;
+ res.end();
+ return;
+ }
 let host, body = url.parse(req.url, true);
 let query = body.query;
 let pathname = body.pathname;
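Review bot: The added guard calls `decodeURI(req.url)` with no try/catch, so a URL containing a malformed percent-escape throws URIError inside the handler before any response is sent; unless an error handler exists outside this hunk, that can terminate the server. The comparison also covers the whole URL, query string included, and uses the platform `path.normalize`, so a legitimate query containing `//` or `./` is rejected, and on Windows, where normalize rewrites `/` to `\`, every request would get 403. `decodeURI` leaves reserved escapes such as `%2F` encoded, so whether the check holds depends on how `pathname` is decoded further down, which is not visible here. I would decode only the pathname inside a try/catch, answer 400 on decode failure, compare against `path.posix.normalize`, and still verify where the file path is built that the resolved path stays under the served root. The createServer callback continues past the end of the hunk.

```javascript
httpserver = http.createServer((req, res) => {
  let decodedPath;
  try {
    // Decode the path component only; the query string is not a filesystem path.
    decodedPath = decodeURIComponent(url.parse(req.url).pathname);
  } catch (err) {
    // Malformed percent-escape: reject instead of letting URIError escape the handler.
    res.statusCode = 400;
    res.end();
    return;
  }
  // posix.normalize keeps the comparison independent of the host OS separator.
  if (decodedPath.includes('\0') || path.posix.normalize(decodedPath) !== decodedPath) {
    res.statusCode = 403;
    res.end();
    return;
  }
  // … unchanged: url.parse(req.url, true), query and pathname setup …
```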