Mitigated directory traversal in ServeHandler

2023-09-09 00:07:06 +04:00 · 2023-09-09 00:07:06 +04:00 · 8894a9a55f
parent 9ba3bddc96
commit 8894a9a55f
2 changed files with 15 additions and 2 deletions
--- a/examples/norxondor_gorgonax/config.ru
+++ b/examples/norxondor_gorgonax/config.ru
@ -13,9 +13,9 @@ app = Hyde::Server.new do
  postprocess do |request, response|
    puts "Request: #{request}, response: #{response}"
  end
-  index ["index"]
+  index ["index.html"]
  root "#{ENV['PWD']}/assets"
-  serve "*.(html|css|js)"
+  serve "/**/*.(html|css|js)"
  get "/wormhole/:test/*" do |suffix, test: nil|
    <<~RESPONSE
      You tried accessing #{suffix} at named param #{test}
--- a/examples/norxondor_gorgonax/index.html
+++ b/examples/norxondor_gorgonax/index.html
@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+    <head> 
+        <title> Cleverly done, mr. freeman </title>
+    </head>
+    <body>
+        <h1>Cleverly done, mr. freeman</h1>
+        <hr/>
+        <p>But you are not supposed to be here</p>
+        <p><b>Get back where you belong.</b></p>
+    </body>
+</html>
+