Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

@iannisz/node-cms

Package Overview
Dependencies
Maintainers
1
Versions
95
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@iannisz/node-cms - npm Package Compare versions

Comparing version 0.0.67 to 0.0.68

45

compiler.js

@@ -8,2 +8,4 @@ "use strict";

const child_process_1 = require("child_process");
const path_1 = require("path");
const security_1 = require("./static/private-workers/security");
exports.compile = async (pageCompilers) => {

@@ -30,2 +32,9 @@ // Store start time

const pagesTable = pagesDB.table('pages').get();
// Store all already compiled pages in a Set
// We will remove all compiled pages that we don't need anymore later on
const pagesToRemove = new Set();
const compiledPages = pagesDB.table('compiled_pages').get().rows;
for (let compiledPage of compiledPages) {
pagesToRemove.add(compiledPage.path);
}
// Compile all pages

@@ -39,5 +48,11 @@ const compilePage = (page, pageID) => {

}
// Check for malicious user input
if (security_1.dotDotSlashAttack(`./root/${page.path}`, './root')) {
throw new Error(`Malicious user input detected. Page compiler prevented creation of ${path_1.resolve(`./root/${page.path}`)}.`);
}
// Write the file
fs.writeFileSync('./root' + page.path, page.html);
console.log(`${chalk.green('✔')} Wrote file: ${chalk.yellow('./root' + page.path)}`);
console.log(`${chalk.green('✔')} Wrote file: ${chalk.yellow(path_1.resolve('./root' + page.path))}`);
// Remove the page path from pagesToRemove
pagesToRemove.delete(page.path);
// Store the page path in the database

@@ -68,2 +83,14 @@ const compiledPages = pagesDB.table('compiled_pages');

}
// Remove all unnecessary pages
for (let pageToRemove of pagesToRemove) {
if (fs.existsSync(pageToRemove)) {
// Check for malicious user input
if (security_1.dotDotSlashAttack(pageToRemove, __dirname)) {
throw new Error(`Malicious user input detected. Page compiler prevented deletion of ${path_1.resolve(pageToRemove)}.`);
}
fs.unlinkSync(pageToRemove);
console.log(`${chalk.green('✔')} Deleted unnecessary file: ${chalk.red(path_1.resolve(pageToRemove))}`);
}
}
deleteEmptyDirectories('./root');
console.log(`${chalk.green('✔')} Finished compilation in ${Date.now() - start}ms`);

@@ -79,2 +106,18 @@ };

};
const deleteEmptyDirectories = (dirPath) => {
const files = fs.readdirSync(dirPath);
if (files.length == 0) {
// This directory is empty, delete it
fs.rmdirSync(dirPath);
console.log(`${chalk.green('✔')} Deleted empty directory: ${chalk.red(path_1.resolve(dirPath))}`);
}
else {
// Recursively call deleteEmptyDirectories on any subdirectory
for (let file of files) {
if (fs.statSync(file).isDirectory()) {
deleteEmptyDirectories(file);
}
}
}
};
const install = () => new Promise(resolve => {

@@ -81,0 +124,0 @@ const installer = child_process_1.spawn('node', ['./install']);

62

compiler.ts

@@ -5,2 +5,4 @@ import * as fs from 'fs'

import { spawn } from 'child_process'
import { resolve as resolvePath } from 'path'
import { dotDotSlashAttack } from './static/private-workers/security'

@@ -46,2 +48,12 @@ type PageCompiler = (pageContent: Object, pages: Table) => {

// Store all already compiled pages in a Set
// We will remove all compiled pages that we don't need anymore later on
const pagesToRemove = new Set<string>()
const compiledPages = pagesDB.table('compiled_pages').get().rows
for (let compiledPage of compiledPages) {
pagesToRemove.add(compiledPage.path)
}
// Compile all pages

@@ -62,7 +74,17 @@

// Check for malicious user input
if (dotDotSlashAttack(`./root/${ page.path }`, './root')) {
throw new Error(`Malicious user input detected. Page compiler prevented creation of ${ resolvePath(`./root/${ page.path }`) }.`)
}
// Write the file
fs.writeFileSync('./root' + page.path, page.html)
console.log(`${ chalk.green('✔') } Wrote file: ${ chalk.yellow('./root' + page.path) }`)
console.log(`${ chalk.green('✔') } Wrote file: ${ chalk.yellow(resolvePath('./root' + page.path)) }`)
// Remove the page path from pagesToRemove
pagesToRemove.delete(page.path)
// Store the page path in the database

@@ -102,2 +124,20 @@

// Remove all unnecessary pages
for (let pageToRemove of pagesToRemove) {
if (fs.existsSync(pageToRemove)) {
// Check for malicious user input
if (dotDotSlashAttack(pageToRemove, __dirname)) {
throw new Error(`Malicious user input detected. Page compiler prevented deletion of ${ resolvePath(pageToRemove) }.`)
}
fs.unlinkSync(pageToRemove)
console.log(`${ chalk.green('✔') } Deleted unnecessary file: ${ chalk.red(resolvePath(pageToRemove)) }`)
}
}
deleteEmptyDirectories('./root')
console.log(`${ chalk.green('✔') } Finished compilation in ${ Date.now() - start }ms`)

@@ -117,2 +157,22 @@ }

const deleteEmptyDirectories = (dirPath: string) => {
const files = fs.readdirSync(dirPath)
if (files.length == 0) {
// This directory is empty, delete it
fs.rmdirSync(dirPath)
console.log(`${ chalk.green('✔') } Deleted empty directory: ${ chalk.red(resolvePath(dirPath)) }`)
} else {
// Recursively call deleteEmptyDirectories on any subdirectory
for (let file of files) {
if (fs.statSync(file).isDirectory()) {
deleteEmptyDirectories(file)
}
}
}
}
const install = () => new Promise<void>(resolve => {

@@ -119,0 +179,0 @@ const installer = spawn('node', [ './install' ])

2

package.json
{
"name": "@iannisz/node-cms",
"version": "0.0.67",
"version": "0.0.68",
"description": "Node CMS",

@@ -5,0 +5,0 @@ "main": "index.js",

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc