From b85a040f132e57cea0bda9eb86da82bab3ba4fbc Mon Sep 17 00:00:00 2001 From: Richard Hansen Date: Sun, 9 May 2021 17:36:18 -0400 Subject: [PATCH] tests: Reuse `sanitizePathname` when serving frontend specs --- src/node/hooks/express/tests.js | 19 +++++-------------- 1 file changed, 5 insertions(+), 14 deletions(-) diff --git a/src/node/hooks/express/tests.js b/src/node/hooks/express/tests.js index b39747227..5b2436989 100644 --- a/src/node/hooks/express/tests.js +++ b/src/node/hooks/express/tests.js @@ -3,6 +3,7 @@ const path = require('path'); const fs = require('fs'); const fsp = fs.promises; +const sanitizePathname = require('../../utils/sanitizePathname'); const settings = require('../../utils/Settings'); exports.expressCreateServer = (hookName, args, cb) => { @@ -30,25 +31,15 @@ exports.expressCreateServer = (hookName, args, cb) => { const rootTestFolder = path.join(settings.root, 'src/tests/frontend/'); - const sanitizePath = (subPath) => { - if (subPath === '') { - subPath = 'index.html'; - } - let filePath = path.join(rootTestFolder, subPath); - // make sure we jail the paths to the test folder, otherwise serve index - if (filePath.indexOf(rootTestFolder) !== 0) { - filePath = path.join(rootTestFolder, 'index.html'); - } - return filePath; - }; - // The regexp /[\d\D]{0,}/ is equivalent to the regexp /.*/. The Express route path used here // uses the more verbose /[\d\D]{0,}/ pattern instead of /.*/ because path-to-regexp v0.1.7 (the // version used with Express v4.x) interprets '.' and '*' differently than regexp. args.app.get('/tests/frontend/:file([\\d\\D]{0,})', (req, res, next) => { (async () => { - const file = sanitizePath(req.params.file); - if (req.params.file.startsWith('specs/') && file.endsWith('.js')) { + let relFile = sanitizePathname(req.params.file); + if (['', '.', './'].includes(relFile)) relFile = 'index.html'; + const file = path.join(rootTestFolder, relFile); + if (relFile.startsWith('specs/') && file.endsWith('.js')) { const content = await fsp.readFile(file); res.setHeader('content-type', 'application/javascript'); res.send(`describe(${JSON.stringify(path.basename(file))}, function () {\n${content}\n});`);