About

This is a node.js example illustrating how path traversals can be mitigated.

Code

///////////////////////////////////////////////////////////////////////////
//  Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3      //
///////////////////////////////////////////////////////////////////////////
// Parameters:
//   * userPath - the requested path
//   * rootPath - the base document root path
//   * separator - the path separator to use (path.sep from path package in node.js)
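// Returns: true if userPath is a safe path within rootPath
// Note: segments are compared literally, so "." and ".." are not collapsed
// here; pass paths that have already been normalized (e.g. with path.resolve).
function isRooted(userPath, rootPath, separator) {
    // Split into segments, dropping empty ones (leading, trailing or doubled separators).
    userPath = userPath.split(separator).filter(Boolean);
    rootPath = rootPath.split(separator).filter(Boolean);
    // Every rootPath segment must equal the userPath segment at the same position.
    return userPath.length >= rootPath.length && rootPath.every((e, i) => {
        return e === userPath[i];
    });
}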
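
An added usage example, not part of the original page: isRooted compares segments literally, so the caller has to percent-decode and normalize the requested path before the check. The resolveRequest helper, the /var/www document root and the sample requests are assumptions constructed for illustration.

```javascript
const path = require('path').posix; // posix flavour keeps the sample deterministic

// isRooted as given on this page.
function isRooted(userPath, rootPath, separator) {
    userPath = userPath.split(separator).filter(Boolean);
    rootPath = rootPath.split(separator).filter(Boolean);
    return userPath.length >= rootPath.length && rootPath.every((e, i) => {
        return e === userPath[i];
    });
}

// Hypothetical helper: map the path part of a request URL to a file below
// rootPath (assumed absolute), or return null if the request must be refused.
function resolveRequest(urlPath, rootPath) {
    let decoded;
    try {
        decoded = decodeURIComponent(urlPath); // "%2e%2e/" becomes "../"
    } catch (e) {
        return null; // malformed percent-encoding
    }
    if (decoded.includes('\0')) return null; // NUL is never valid in a file name
    // Anchor the request under the root and collapse "." and ".." segments
    // BEFORE the check; isRooted itself treats ".." as an ordinary name.
    const candidate = path.resolve(rootPath, '.' + path.sep + decoded);
    return isRooted(candidate, rootPath, path.sep) ? candidate : null;
}

// Constructed sample requests against a constructed document root.
const ROOT = '/var/www';
function demo() {
    return [
        '/index.html',               // plain file below the root
        '/a/../b.txt',               // ".." that stays below the root
        '/../../etc/passwd',         // climbs above the root
        '/%2e%2e/%2e%2e/etc/passwd', // same, percent-encoded
        '/../www-private/key.txt',   // sibling sharing the "/var/www" string prefix
        '/%zz',                      // invalid encoding
    ].map((u) => [u, resolveRequest(u, ROOT)]);
}

console.log(demo());
// Without normalization the literal comparison accepts a climbing path:
console.log(isRooted('/var/www/../../etc/passwd', ROOT, path.sep));
```

path.resolve is purely lexical and does not follow symbolic links, so a link placed below the root can still point outside it unless the result is also checked with fs.realpath.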

security/mitigating_path_traversals_for_web_services/node.txt · Last modified: 2022/04/19 08:28 by 127.0.0.1
