From 8894a9a55f3e77069a6c950d4c6545d3afeaa8d3 Mon Sep 17 00:00:00 2001
From: Yessiest
Date: Sat, 9 Sep 2023 00:07:06 +0400
Subject: [PATCH] Mitigated directory traversal in ServeHandler
---
 examples/norxondor_gorgonax/config.ru | 4 ++--
 examples/norxondor_gorgonax/index.html | 13 +++++++++++++
 2 files changed, 15 insertions(+), 2 deletions(-)
 create mode 100644 examples/norxondor_gorgonax/index.html
diff --git a/examples/norxondor_gorgonax/config.ru b/examples/norxondor_gorgonax/config.ru
index abf32ed..67d2a3f 100644
--- a/examples/norxondor_gorgonax/config.ru
+++ b/examples/norxondor_gorgonax/config.ru
@@ -13,9 +13,9 @@ app = Hyde::Server.new do
 postprocess do |request, response|
 puts "Request: #{request}, response: #{response}"
 end
- index ["index"]
+ index ["index.html"]
 root "#{ENV['PWD']}/assets"
- serve "*.(html|css|js)"
+ serve "/**/*.(html|css|js)"
 get "/wormhole/:test/*" do |suffix, test: nil|
 <<~RESPONSE
 You tried accessing #{suffix} at named param #{test}
diff --git a/examples/norxondor_gorgonax/index.html b/examples/norxondor_gorgonax/index.html
new file mode 100644
index 0000000..14c7044
--- /dev/null
+++ b/examples/norxondor_gorgonax/index.html
@@ -0,0 +1,13 @@
+ + + + Cleverly done, mr. freeman + + +
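Review bot: The config.ru hunk only changes the example's route pattern to `serve "/**/*.(html|css|js)"`, so the traversal mitigation named in the subject rests on how ServeHandler resolves a matched path, and that code is not part of this patch. The recursive `/**/` pattern accepts deeper paths than before, so it is worth confirming that the handler expands the joined path and refuses anything that does not stay under `root`, with a comment on the `serve` line saying so. Separately, the context line `root "#{ENV['PWD']}/assets"` takes the served directory from an environment variable set by the launching process, which may be unset or differ from the real working directory; something like `root File.expand_path("assets", __dir__)` would pin it to the config file's location. The `Hyde::Server.new do` block starts and ends outside the hunk.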

Cleverly done, mr. freeman

+
+

But you are not supposed to be here

+

Get back where you belong.

+ + +