From 8133cf4b368e4f160e6320ab8642c89e1d793fd7 Mon Sep 17 00:00:00 2001
From: Jafar Akhondali
Date: Tue, 30 Jul 2024 17:03:08 +0200
Subject: [PATCH] Block malicious looking requests to prevent path traversal attacks.
---
 http-cache/cache_cache-control.js | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/http-cache/cache_cache-control.js b/http-cache/cache_cache-control.js
index 7b1bb1d..100a412 100644
--- a/http-cache/cache_cache-control.js
+++ b/http-cache/cache_cache-control.js
@@ -19,6 +19,11 @@ const path = require('path')
 http.createServer((req, res) => {
+ if (path.normalize(decodeURI(req.url)) !== decodeURI(req.url)) {
+ res.statusCode = 403;
+ res.end();
+ return;
+ }
 let filePath = path.join(__dirname, req.url)
 fs.readFile(filePath, (err, data) => {
 if (err) {
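Review bot: `decodeURI(req.url)` in the added guard throws a `URIError` on a malformed percent-escape, and nothing visible in the handler catches it, so a single such request would likely terminate the server process. The guard also validates a decoded copy of the URL while `path.join(__dirname, req.url)` on the following line still consumes the raw string, and because `path.normalize` rewrites separators on Windows, every request there would presumably be answered with 403. Checking that the joined path stays under the served directory avoids both problems and needs no decoding, as sketched below. The `createServer` callback continues past the end of the hunk.

```javascript
http.createServer((req, res) => {
  // Validate the exact path that fs.readFile will open, not a decoded copy of the URL.
  let filePath = path.join(__dirname, req.url)
  if (!filePath.startsWith(__dirname + path.sep)) {
    res.statusCode = 403
    res.end()
    return
  }
  // … unchanged: fs.readFile(filePath, …) …
```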