1 | var fs = require('fs');
|
2 | var path = require('path');
|
3 |
|
4 | module.exports = {
|
5 |
|
6 | isPathContainedInRoot : function(pathDir, root){
|
7 | if (typeof root !== 'string' || typeof pathDir !== 'string'){
|
8 | return false;
|
9 | }
|
10 |
|
11 | if (pathDir[0] !== "/") {
|
12 | pathDir = path.join(process.cwd(), pathDir);
|
13 | }
|
14 | return pathDir.indexOf(root) === 0;
|
15 | },
|
16 |
|
17 |
|
18 |
|
19 |
|
20 |
|
21 | areValidPathElements : function(paths) {
|
22 |
|
23 | function valid(path){
|
24 | if (!path) return false;
|
25 |
|
26 | var malicius = false;
|
27 | path = path.toString();
|
28 |
|
29 | if ((path.indexOf("/") !== -1) || (path.indexOf("\\") !== -1)) {
|
30 | malicius = true;
|
31 | }
|
32 |
|
33 | if (path.indexOf("..") !== -1) {
|
34 | malicius = true;
|
35 | }
|
36 |
|
37 | if (path.indexOf('\0') !== -1) {
|
38 | malicius = true;
|
39 | }
|
40 |
|
41 | if (malicius){
|
42 | console.log("Malicious path detected: %s", path);
|
43 | return false;
|
44 | }
|
45 | else {
|
46 | return true;
|
47 | }
|
48 | }
|
49 |
|
50 | paths = Array.isArray(paths) ? paths : [paths];
|
51 | return paths.every(valid);
|
52 | },
|
53 |
|
54 | getRndInt: function (min, max) {
|
55 | return Math.floor(Math.random() * (max - min + 1)) + min;
|
56 | },
|
57 |
|
58 | getJSONFromFile: function (path, defaultValue, warnIfFileNotExists, warnIfFileIsInvalid){
|
59 | try {
|
60 | if (!fs.existsSync(path)){
|
61 | if (warnIfFileNotExists) warnIfFileNotExists(path);
|
62 | return defaultValue;
|
63 | }
|
64 | return JSON.parse(fs.readFileSync(path));
|
65 | }
|
66 | catch (e){
|
67 | if (warnIfFileIsInvalid) warnIfFileIsInvalid(path, e);
|
68 | return defaultValue;
|
69 | }
|
70 | }
|
71 | }; |
\ | No newline at end of file |