diff --git a/src/handlers/clientErrorHandler.js b/src/handlers/clientErrorHandler.js index 6edf512..c894b19 100644 --- a/src/handlers/clientErrorHandler.js +++ b/src/handlers/clientErrorHandler.js @@ -45,6 +45,7 @@ function clientErrorHandler(err, socket) { socket.end(x, function () { try { socket.destroy(); + // eslint-disable-next-line no-unused-vars } catch (err) { // Socket is probably already destroyed } @@ -61,7 +62,9 @@ function clientErrorHandler(err, socket) { if (headername.toLowerCase() == "set-cookie") { headers[headername].forEach(function (headerValueS) { if ( + // eslint-disable-next-line no-control-regex headername.match(/[^\x09\x20-\x7e\x80-\xff]|.:/) || + // eslint-disable-next-line no-control-regex headerValueS.match(/[^\x09\x20-\x7e\x80-\xff]/) ) throw new Error(`Invalid header!!! (${headername})`); @@ -69,7 +72,9 @@ function clientErrorHandler(err, socket) { }); } else { if ( + // eslint-disable-next-line no-control-regex headername.match(/[^\x09\x20-\x7e\x80-\xff]|.:/) || + // eslint-disable-next-line no-control-regex headers[headername].match(/[^\x09\x20-\x7e\x80-\xff]/) ) throw new Error(`Invalid header!!! (${headername})`); @@ -546,7 +551,7 @@ function clientErrorHandler(err, socket) { if (packetLine1.length != 1) { logFacilities.errmessage("The head of request is invalid."); callServerError(400); // Malformed Packet - } else if (!httpVersion.toString().match(/^HTTP[\/]/i)) { + } else if (!httpVersion.toString().match(/^HTTP[/]/i)) { logFacilities.errmessage("Invalid protocol."); callServerError(400); // bad protocol version } else if (http.METHODS.indexOf(method) == -1) { @@ -562,6 +567,7 @@ function clientErrorHandler(err, socket) { callServerError(400); // Also malformed Packet } } + // eslint-disable-next-line no-unused-vars } catch (err) { logFacilities.errmessage( "There was an error while determining type of malformed request.", diff --git a/src/handlers/noproxyHandler.js b/src/handlers/noproxyHandler.js index bcce7b6..df6d892 100644 --- a/src/handlers/noproxyHandler.js +++ b/src/handlers/noproxyHandler.js @@ -1,7 +1,9 @@ +// eslint-disable-next-line no-unused-vars const svrjsInfo = require("../../svrjs.json"); let serverconsole = {}; +// eslint-disable-next-line no-unused-vars function noproxyHandler(req, socket, head) { let reqIdInt = Math.floor(Math.random() * 16777216); if (reqIdInt == 16777216) reqIdInt = 0; diff --git a/src/handlers/requestHandler.js b/src/handlers/requestHandler.js index da48d0c..9c5f414 100644 --- a/src/handlers/requestHandler.js +++ b/src/handlers/requestHandler.js @@ -246,6 +246,7 @@ function requestHandler(req, res) { res.socket.realRemoteAddress = reqip; res.socket.originalRemotePort = oldport; res.socket.originalRemoteAddress = oldip; + // eslint-disable-next-line no-unused-vars } catch (err) { // Address setting failed } diff --git a/src/handlers/serverErrorHandler.js b/src/handlers/serverErrorHandler.js index 8f54d47..4ecb8d2 100644 --- a/src/handlers/serverErrorHandler.js +++ b/src/handlers/serverErrorHandler.js @@ -22,6 +22,7 @@ function serverErrorHandler(err, isRedirect, server, start) { process.send( "\x12ERRLIST" + (isRedirect ? attmtsRedir : attmts) + err.code, ); + // eslint-disable-next-line no-unused-vars } catch (err) { // Probably main process exited } @@ -33,6 +34,7 @@ function serverErrorHandler(err, isRedirect, server, start) { try { if (cluster.isPrimary !== undefined) process.send("\x12ERRCRASH" + err.code); + // eslint-disable-next-line no-unused-vars } catch (err) { // Probably main process exited } diff --git a/src/index.js b/src/index.js index 485c3a8..19614bf 100644 --- a/src/index.js +++ b/src/index.js @@ -12,6 +12,7 @@ const { name, version } = svrjsInfo; let inspector = undefined; try { inspector = require("inspector"); + // eslint-disable-next-line no-unused-vars } catch (err) { // Don't use inspector } @@ -39,6 +40,7 @@ try { throw err; } } + // eslint-disable-next-line no-unused-vars } catch (err) { http2.__disabled__ = null; http2.createServer = () => { @@ -71,6 +73,7 @@ let https = { try { crypto = require("crypto"); https = require("https"); + // eslint-disable-next-line no-unused-vars } catch (err) { http2.createSecureServer = () => { throw new Error("Crypto support is not present"); @@ -94,6 +97,7 @@ process.filename = __filename; let hexstrbase64 = undefined; try { hexstrbase64 = require(process.dirname + "/hexstrbase64/index.js"); + // eslint-disable-next-line no-unused-vars } catch (err) { // Don't use hexstrbase64 } @@ -345,7 +349,7 @@ if (typeof process.serverConfig.port === "string") { process.serverConfig.port = parseInt(process.serverConfig.port); } else { const portLMatch = process.serverConfig.port.match( - /^(\[[^ \]@\/\\]+\]|[^ \]\[:@\/\\]+):([0-9]+)$/, + /^(\[[^ \]@/\\]+\]|[^ \][:@/\\]+):([0-9]+)$/, ); if (portLMatch) { listenAddress = portLMatch[1] @@ -360,7 +364,7 @@ if (typeof process.serverConfig.sport === "string") { process.serverConfig.sport = parseInt(process.serverConfig.sport); } else { const sportLMatch = process.serverConfig.sport.match( - /^(\[[^ \]@\/\\]+\]|[^ \]\[:@\/\\]+):([0-9]+)$/, + /^(\[[^ \]@/\\]+\]|[^ \][:@/\\]+):([0-9]+)$/, ); if (sportLMatch) { sListenAddress = sportLMatch[1] @@ -384,6 +388,7 @@ try { if (inspector) { inspectorURL = inspector.url(); } + // eslint-disable-next-line no-unused-vars } catch (err) { // Failed to get inspector URL } @@ -494,6 +499,7 @@ function doIpRequest(isHTTPS, options) { ipRequestCompleted = true; process.emit("ipRequestCompleted"); }); + // eslint-disable-next-line no-unused-vars } catch (err) { clearTimeout(dnsTimeout); callbackDone = true; @@ -629,6 +635,7 @@ if (process.serverConfig.secure) { let vnum = 0; try { vnum = process.config.variables.node_module_version; + // eslint-disable-next-line no-unused-vars } catch (err) { // Version number not retrieved } @@ -813,7 +820,7 @@ if (!disableMods) { crypto.__disabled__ === undefined ? "var crypto = require('crypto');\r\nvar https = require('https');\r\n" : "" - }var stream = require(\'stream\');\r\nvar customvar1;\r\nvar customvar2;\r\nvar customvar3;\r\nvar customvar4;\r\n\r\nfunction Mod() {}\r\nMod.prototype.callback = function callback(req, res, serverconsole, responseEnd, href, ext, uobject, search, defaultpage, users, page404, head, foot, fd, elseCallback, configJSON, callServerError, getCustomHeaders, origHref, redirect, parsePostData, authUser) {\r\nreturn () => {\r\nvar disableEndElseCallbackExecute = false;\r\nfunction filterHeaders(e){var r={};return Object.keys(e).forEach(((t) => {null!==e[t]&&void 0!==e[t]&&("object"==typeof e[t]?r[t]=JSON.parse(JSON.stringify(e[t])):r[t]=e[t])})),r}\r\nfunction checkHostname(e){if(void 0===e||"*"==e)return!0;if(req.headers.host&&0==e.indexOf("*.")&&"*."!=e){var r=e.substring(2);if(req.headers.host==r||req.headers.host.indexOf("."+r)==req.headers.host.length-r.length-1)return!0}else if(req.headers.host&&req.headers.host==e)return!0;return!1}\r\nfunction checkHref(e){return href==e||"win32"==os.platform()&&href.toLowerCase()==e.toLowerCase()}\r\n`; + }var stream = require('stream');\r\nvar customvar1;\r\nvar customvar2;\r\nvar customvar3;\r\nvar customvar4;\r\n\r\nfunction Mod() {}\r\nMod.prototype.callback = function callback(req, res, serverconsole, responseEnd, href, ext, uobject, search, defaultpage, users, page404, head, foot, fd, elseCallback, configJSON, callServerError, getCustomHeaders, origHref, redirect, parsePostData, authUser) {\r\nreturn () => {\r\nvar disableEndElseCallbackExecute = false;\r\nfunction filterHeaders(e){var r={};return Object.keys(e).forEach(((t) => {null!==e[t]&&void 0!==e[t]&&("object"==typeof e[t]?r[t]=JSON.parse(JSON.stringify(e[t])):r[t]=e[t])})),r}\r\nfunction checkHostname(e){if(void 0===e||"*"==e)return!0;if(req.headers.host&&0==e.indexOf("*.")&&"*."!=e){var r=e.substring(2);if(req.headers.host==r||req.headers.host.indexOf("."+r)==req.headers.host.length-r.length-1)return!0}else if(req.headers.host&&req.headers.host==e)return!0;return!1}\r\nfunction checkHref(e){return href==e||"win32"==os.platform()&&href.toLowerCase()==e.toLowerCase()}\r\n`; const modfoot = "\r\nif(!disableEndElseCallbackExecute) {\r\ntry{\r\nelseCallback();\r\n} catch(err) {\r\n}\r\n}\r\n}\r\n}\r\nmodule.exports = Mod;"; // Write the modified server side script to the temp folder @@ -1042,6 +1049,7 @@ try { server2 = http.createServer({ requireHostHeader: false, }); + // eslint-disable-next-line no-unused-vars } catch (err) { server2 = http.createServer(); } @@ -1107,6 +1115,7 @@ if (process.serverConfig.enableHTTP2 == true) { server = http.createServer({ requireHostHeader: false, }); + // eslint-disable-next-line no-unused-vars } catch (err) { server = http.createServer(); } @@ -1144,10 +1153,12 @@ if (process.serverConfig.secure) { "$", "i", ); + // eslint-disable-next-line no-unused-vars } catch (err) { // Can't replace regex, ignoring... } }); + // eslint-disable-next-line no-unused-vars } catch (err) { // SNI error } @@ -1201,6 +1212,7 @@ if (process.serverConfig.secure) { try { sock._parent.destroy(a, b, c); sock.destroyed = sock._parent.destroyed; + // eslint-disable-next-line no-unused-vars } catch (err) { // Socket is probably already destroyed. } @@ -1209,6 +1221,7 @@ if (process.serverConfig.secure) { sock._parent.destroy = sock._parent.reallyDestroy; try { if (sock._parent.toDestroy) sock._parent.destroy(); + // eslint-disable-next-line no-unused-vars } catch (err) { // Socket is probably already destroyed. } @@ -1302,9 +1315,13 @@ let commands = { log("No mods installed."); } }, + + // eslint-disable-next-line no-unused-vars clear: (args, log) => { console.clear(); }, + + // eslint-disable-next-line no-unused-vars stop: (args, log) => { let retcode = args[0]; if ( @@ -1325,6 +1342,7 @@ let commands = { } } }); + // eslint-disable-next-line no-unused-vars } catch (err) { if (!process.removeFakeIPC) { if (typeof retcode == "number") { @@ -1344,6 +1362,7 @@ let commands = { } } }); + // eslint-disable-next-line no-unused-vars } catch (err) { if (typeof retcode == "number") { process.exit(retcode); @@ -1491,6 +1510,7 @@ function getWorkerCountToFork() { try { const useAvailableCores = Math.round(os.freemem() / 50000000) - 1; // 1 core deleted for safety... if (workersToFork > useAvailableCores) workersToFork = useAvailableCores; + // eslint-disable-next-line no-unused-vars } catch (err) { // Nevermind... Don't want SVR.JS to fail starting, because os.freemem function is not working. } @@ -1517,6 +1537,8 @@ function forkWorkers(workersToFork, callback) { } // Listening message event listener + +// eslint-disable-next-line no-unused-vars process.messageEventListeners.push((worker, serverconsole) => { return (message) => { if (message == "\x12LISTEN") { @@ -1972,6 +1994,7 @@ function start(init) { } else { checkWorker(callback, _id + 1); } + // eslint-disable-next-line no-unused-vars } catch (err) { if (cluster.workers[allWorkers[_id]]) { cluster.workers[allWorkers[_id]].removeAllListeners("message"); @@ -2045,9 +2068,10 @@ function start(init) { process.send(`Unrecognized command "${line.split(" ")[0]}".`); process.send("\x12END"); } + // eslint-disable-next-line no-unused-vars } catch (err) { if (line != "") { - process.send(`Can't execute command \"${line.split(" ")[0]}".`); + process.send(`Can't execute command "${line.split(" ")[0]}".`); process.send("\x12END"); } } @@ -2078,6 +2102,7 @@ function start(init) { if (cluster.workers[allWorkers[i]]) { cluster.workers[allWorkers[i]].kill(); } + // eslint-disable-next-line no-unused-vars } catch (err) { stopError = true; } @@ -2108,6 +2133,7 @@ function start(init) { cluster.workers[clusterID].on("message", msgListener); cluster.workers[clusterID].send(line); } + // eslint-disable-next-line no-unused-vars } catch (err) { if (cluster.workers[clusterID]) { cluster.workers[clusterID].removeAllListeners("message"); @@ -2124,6 +2150,7 @@ function start(init) { } else { try { commands[command](argss, serverconsole.climessage); + // eslint-disable-next-line no-unused-vars } catch (err) { serverconsole.climessage( 'Unrecognized command "' + command + '".', @@ -2325,6 +2352,7 @@ function start(init) { } else { checkWorker(callback, _id + 1); } + // eslint-disable-next-line no-unused-vars } catch (err) { if (cluster.workers[allWorkers[_id]]) { cluster.workers[allWorkers[_id]].removeAllListeners( @@ -2397,11 +2425,13 @@ if (cluster.isPrimary || cluster.isPrimary === undefined) { } try { deleteFolderRecursive(process.dirname + "/temp"); + // eslint-disable-next-line no-unused-vars } catch (err) { // Error! } try { fs.mkdirSync(process.dirname + "/temp"); + // eslint-disable-next-line no-unused-vars } catch (err) { // Error! } @@ -2415,6 +2445,7 @@ if (cluster.isPrimary || cluster.isPrimary === undefined) { process.dirname + "/temp/serverSideScript.js", "// Placeholder server-side JavaScript to workaround Bun bug.\r\n", ); + // eslint-disable-next-line no-unused-vars } catch (err) { // Error! } @@ -2437,6 +2468,7 @@ if (cluster.isPrimary || cluster.isPrimary === undefined) { if (cluster.workers[allWorkers[i]]) { cluster.workers[allWorkers[i]].send("stop"); } + // eslint-disable-next-line no-unused-vars } catch (err) { // Worker will crash with EPIPE anyway. } diff --git a/src/middleware/checkForbiddenPaths.js b/src/middleware/checkForbiddenPaths.js index 18bcb29..8a9c72f 100644 --- a/src/middleware/checkForbiddenPaths.js +++ b/src/middleware/checkForbiddenPaths.js @@ -53,6 +53,7 @@ module.exports = (req, res, logFacilities, config, next) => { decodedHrefWithoutDuplicateSlashes = decodeURIComponent( req.parsedURL.pathname, ).replace(/\/+/g, "/"); + // eslint-disable-next-line no-unused-vars } catch (err) { res.error(400); } diff --git a/src/middleware/nonStandardCodesAndHttpAuthentication.js b/src/middleware/nonStandardCodesAndHttpAuthentication.js index f1331ce..4f5487a 100644 --- a/src/middleware/nonStandardCodesAndHttpAuthentication.js +++ b/src/middleware/nonStandardCodesAndHttpAuthentication.js @@ -13,6 +13,7 @@ let crypto = { }; try { crypto = require("crypto"); + // eslint-disable-next-line no-unused-vars } catch (err) { // Crypto is disabled } @@ -415,6 +416,8 @@ module.exports = (req, res, logFacilities, config, next) => { }; // IPC listener for brute force protection + +// eslint-disable-next-line no-unused-vars process.messageEventListeners.push((worker, serverconsole) => { return (message) => { let ip = ""; diff --git a/src/middleware/responseHeaders.js b/src/middleware/responseHeaders.js index 591551f..393c42a 100644 --- a/src/middleware/responseHeaders.js +++ b/src/middleware/responseHeaders.js @@ -4,6 +4,7 @@ module.exports = (req, res, logFacilities, config, next) => { Object.keys(hkh).forEach((hkS) => { try { res.setHeader(hkS, hkh[hkS]); + // eslint-disable-next-line no-unused-vars } catch (err) { // Headers will not be set. } diff --git a/src/middleware/rewriteURL.js b/src/middleware/rewriteURL.js index 7827d4c..8e01274 100644 --- a/src/middleware/rewriteURL.js +++ b/src/middleware/rewriteURL.js @@ -7,6 +7,7 @@ const matchHostname = require("../utils/matchHostname.js"); module.exports = (req, res, logFacilities, config, next) => { try { decodeURIComponent(req.parsedURL.pathname); + // eslint-disable-next-line no-unused-vars } catch (err) { res.error(400); } diff --git a/src/middleware/staticFileServingAndDirectoryListings.js b/src/middleware/staticFileServingAndDirectoryListings.js index 946ccb9..2f4e8b0 100644 --- a/src/middleware/staticFileServingAndDirectoryListings.js +++ b/src/middleware/staticFileServingAndDirectoryListings.js @@ -23,6 +23,7 @@ const generateETag = (filePath, stat) => { return ETagDB[filePath + "-" + stat.size + "-" + stat.mtime]; }; +// eslint-disable-next-line no-unused-vars module.exports = (req, res, logFacilities, config, next) => { const checkPathLevel = (path) => { // Split the path into an array of components based on "/" @@ -74,12 +75,13 @@ module.exports = (req, res, logFacilities, config, next) => { let href = req.parsedURL.pathname; let origHref = req.originalParsedURL.pathname; - let ext = href.match(/[^\/]\.([^.]+)$/); + let ext = href.match(/[^/]\.([^.]+)$/); if (!ext) ext = ""; else ext = ext[1].toLowerCase(); let dHref = ""; try { dHref = decodeURIComponent(href); + // eslint-disable-next-line no-unused-vars } catch (err) { res.error(400); return; @@ -381,6 +383,7 @@ module.exports = (req, res, logFacilities, config, next) => { if (process.isBun && useBrotli && isCompressable) { try { zlib.createBrotliCompress(); + // eslint-disable-next-line no-unused-vars } catch (err) { useBrotli = false; } @@ -574,7 +577,7 @@ module.exports = (req, res, logFacilities, config, next) => { getCustomDirListingFooter(() => { // Check if custom header has HTML tag const headerHasHTMLTag = customDirListingHeader - .replace(/|$)/g, "") + .replace(/)[\s\S])*|)(?:-->|$)/g, "") .match( /])*(?:>|$)/i, ); @@ -619,7 +622,7 @@ module.exports = (req, res, logFacilities, config, next) => { checkPathLevel(decodeURIComponent(origHref)) < 1 ? "" : '[RET]Return' }`; diff --git a/src/utils/clusterBunShim.js b/src/utils/clusterBunShim.js index d090b1a..e1409f2 100644 --- a/src/utils/clusterBunShim.js +++ b/src/utils/clusterBunShim.js @@ -8,6 +8,7 @@ if (!process.singleThreaded) { try { // Import cluster module cluster = require("cluster"); + // eslint-disable-next-line no-unused-vars } catch (err) { // Clustering is not supported! } diff --git a/src/utils/createRegex.js b/src/utils/createRegex.js index e5f81cc..987f8a0 100644 --- a/src/utils/createRegex.js +++ b/src/utils/createRegex.js @@ -1,7 +1,7 @@ const os = require("os"); function createRegex(regex, isPath) { - const regexStrMatch = regex.match(/^\/((?:\\.|[^\/\\])*)\/([a-zA-Z0-9]*)$/); + const regexStrMatch = regex.match(/^\/((?:\\.|[^/\\])*)\/([a-zA-Z0-9]*)$/); if (!regexStrMatch) throw new Error("Invalid regular expression: " + regex); const searchString = regexStrMatch[1]; let modifiers = regexStrMatch[2]; diff --git a/src/utils/legacyModWrapper.js b/src/utils/legacyModWrapper.js index a1cdbe0..c01029b 100644 --- a/src/utils/legacyModWrapper.js +++ b/src/utils/legacyModWrapper.js @@ -17,7 +17,7 @@ module.exports = (legacyMod) => { if (!req[legacyParsedURLSymbol]) req[legacyParsedURLSymbol] = parseURL(req.url); - let ext = req[legacyParsedURLSymbol].pathname.match(/[^\/]\.([^.]+)$/); + let ext = req[legacyParsedURLSymbol].pathname.match(/[^/]\.([^.]+)$/); if (!ext) ext = ""; // Function to parse incoming POST data from the request diff --git a/src/utils/sendStatistics.js b/src/utils/sendStatistics.js index 65202c6..09602cb 100644 --- a/src/utils/sendStatistics.js +++ b/src/utils/sendStatistics.js @@ -17,8 +17,10 @@ let https = { }, }; try { + // eslint-disable-next-line no-unused-vars crypto = require("crypto"); https = require("https"); + // eslint-disable-next-line no-unused-vars } catch (err) { // Can't load HTTPS } @@ -51,6 +53,7 @@ function sendStatistics(modInfos, callback) { let parsedJson = {}; try { parsedJson = JSON.parse(data); + // eslint-disable-next-line no-unused-vars } catch (err) { throw new Error("JSON parse error (response parsing failed)."); } diff --git a/src/utils/serverconsole.js b/src/utils/serverconsole.js index 56fdc94..096ba0e 100644 --- a/src/utils/serverconsole.js +++ b/src/utils/serverconsole.js @@ -260,6 +260,7 @@ process.exit = (code) => { logSync = true; process.unsafeExit(code); }, 10000); // timeout + // eslint-disable-next-line no-unused-vars } catch (err) { logFile = undefined; logSync = true; diff --git a/src/utils/sha256.js b/src/utils/sha256.js index e4acb42..58043de 100644 --- a/src/utils/sha256.js +++ b/src/utils/sha256.js @@ -1,6 +1,7 @@ let crypto = { __disabled__: null }; try { crypto = require("crypto"); + // eslint-disable-next-line no-unused-vars } catch (err) { // Crypto support is disabled. } diff --git a/src/utils/urlParserLegacy.js b/src/utils/urlParserLegacy.js index deebdcc..1aed5b0 100644 --- a/src/utils/urlParserLegacy.js +++ b/src/utils/urlParserLegacy.js @@ -13,7 +13,7 @@ function parseURL(uri, prepend) { // Parse the URL using regular expression let parsedURI = uri.match( - /^(?:([^:]+:)(\/\/)?)?(?:([^@\/?#\*]+)@)?([^:\/?#\*]+|\[[^\*]\/]\])?(?::([0-9]+))?(\*|\/[^?#]*)?(\?[^#]*)?(#[\S\s]*)?/, + /^(?:([^:]+:)(\/\/)?)?(?:([^@/?#*]+)@)?([^:/?#*]+|\[[^*]\/]\])?(?::([0-9]+))?(\*|\/[^?#]*)?(\?[^#]*)?(#[\S\s]*)?/, ); // Match 1: protocol // Match 2: slashes after protocol @@ -34,7 +34,7 @@ function parseURL(uri, prepend) { if (hasSlashes && !parsedURI[6]) parsedURI[6] = "/"; // If match 4 contains Unicode characters, convert it to Punycode. If the result is an empty string, throw an error - if (parsedURI[4] && !parsedURI[4].match(/^[a-zA-Z0-9\.\-]+$/)) { + if (parsedURI[4] && !parsedURI[4].match(/^[a-zA-Z0-9.-]+$/)) { parsedURI[4] = url.domainToASCII(parsedURI[4]); if (!parsedURI[4]) throw new Error("Invalid URL: " + uri); } diff --git a/src/utils/urlSanitizer.js b/src/utils/urlSanitizer.js index 23a8bde..904e2de 100644 --- a/src/utils/urlSanitizer.js +++ b/src/utils/urlSanitizer.js @@ -28,10 +28,10 @@ function sanitizeURL(resource, allowDoubleSlashes) { // Handle relative navigation (e.g., "/./", "/../", "../", "./"), also remove trailing dots in paths sanitizedResource = sanitizedResource .replace(/\/\.(?:\.{2,})?(?=\/|$)/g, "") - .replace(/([^.\/])\.+(?=\/|$)/g, "$1"); - while (sanitizedResource.match(/\/(?!\.\.\/)[^\/]+\/\.\.(?=\/|$)/)) { + .replace(/([^./])\.+(?=\/|$)/g, "$1"); + while (sanitizedResource.match(/\/(?!\.\.\/)[^/]+\/\.\.(?=\/|$)/)) { sanitizedResource = sanitizedResource.replace( - /\/(?!\.\.\/)[^\/]+\/\.\.(?=\/|$)/g, + /\/(?!\.\.\/)[^/]+\/\.\.(?=\/|$)/g, "", ); } diff --git a/utils/svrpasswd.js b/utils/svrpasswd.js index 2525cb1..86f33ec 100644 --- a/utils/svrpasswd.js +++ b/utils/svrpasswd.js @@ -4,6 +4,7 @@ const fs = require("fs"); let crypto = {}; try { crypto = require("crypto"); + // eslint-disable-next-line no-unused-vars } catch (ex) { crypto = {}; crypto.__disabled__ = null; @@ -259,11 +260,13 @@ if (fs.existsSync(__dirname + "/config.json")) { let configJSONf = ""; try { configJSONf = fs.readFileSync(__dirname + "/config.json"); //Read JSON File + // eslint-disable-next-line no-unused-vars } catch (ex) { throw new Error("Cannot read JSON file."); } try { configJSON = JSON.parse(configJSONf); //Parse JSON + // eslint-disable-next-line no-unused-vars } catch (ex) { throw new Error("JSON Parse error."); }