Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

express-fileupload

Package Overview
Dependencies
Maintainers
2
Versions
49
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

express-fileupload - npm Package Compare versions

Comparing version 1.4.0 to 1.4.1

.mocharc.json
test/posttests.js
test/pretests.js

0

example/README.md

@@ -0,0 +0,0 @@ # express-fileupload Examples

0

example/server.js

@@ -0,0 +0,0 @@ const express = require('express');

0

lib/fileFactory.js

@@ -0,0 +0,0 @@ 'use strict';

0

lib/index.js

@@ -0,0 +0,0 @@ 'use strict';

0

lib/isEligibleRequest.js

@@ -0,0 +0,0 @@ const ACCEPTABLE_CONTENT_TYPE = /^(multipart\/.+);(.*)$/i;

0

lib/memHandler.js

@@ -0,0 +0,0 @@ const crypto = require('crypto');

0

lib/processMultipart.js

@@ -0,0 +0,0 @@ const Busboy = require('busboy');

0

lib/processNested.js

@@ -0,0 +0,0 @@ const { isSafeFromPollution } = require("./utilities");

0

lib/tempFileHandler.js

@@ -0,0 +0,0 @@ const fs = require('fs');

0

lib/uploadtimer.js

@@ -0,0 +0,0 @@ class UploadTimer {

21

lib/utilities.js

@@ -232,3 +232,22 @@ 'use strict';

const uriDecodeFileName = (opts, fileName) => {
return opts.uriDecodeFileNames ? decodeURIComponent(fileName) : fileName;
const options = opts || {};
if (!options.uriDecodeFileNames) {
return fileName;
}
// Decode file name from URI with checking URI malformed errors.
// See Issue https://github.com/richardgirges/express-fileupload/issues/342.
try {
return decodeURIComponent(fileName);
} catch (err) {
const matcher = /(%[a-f0-9]{2})/gi;
return fileName.split(matcher)
.map((str) => {
try {
return decodeURIComponent(str);
} catch (err) {
return '';
}
})
.join('');
}
};

@@ -235,0 +254,0 @@

7

package.json
{
"name": "express-fileupload",
"version": "1.4.0",
"version": "1.4.1",
"author": "Richard Girges <richardgirges@gmail.com>",

@@ -8,2 +8,4 @@ "description": "Simple express file upload middleware that wraps around Busboy",

"scripts": {
"pretest": "node ./test/pretests.js",
"posttest": "node ./test/posttests.js",
"test": "nyc --reporter=html --reporter=text mocha -- -R spec",

@@ -40,4 +42,5 @@ "lint": "eslint ./",

"rimraf": "^3.0.2",
"supertest": "^4.0.2"
"rnd-file": "^0.0.1",
"supertest": "^6.1.5"
}
}

0

README.md

@@ -0,0 +0,0 @@ # express-fileupload

0

SECURITY.md

@@ -0,0 +0,0 @@ # Security Policy

2

test/fileFactory.spec.js

@@ -25,3 +25,3 @@ 'use strict';

describe('Test of the fileFactory factory', function() {
describe('fileFactory: Test of the fileFactory factory', function() {
beforeEach(() => server.clearUploadsDir());

@@ -28,0 +28,0 @@

12

test/fileLimitUploads.spec.js

@@ -10,3 +10,3 @@ 'use strict';

describe('Test Single File Upload With File Size Limit', function() {
describe('fileLimitUloads: Test Single File Upload With File Size Limit', function() {
let app, limitHandlerRun;

@@ -43,3 +43,6 @@

.expect(413)
.end(done);
.end((err) => {
// err.code === 'ECONNRESET' that means upload has been aborted.
done(err && err.code !== 'ECONNRESET' ? err : null);
});
});

@@ -68,4 +71,5 @@ });

.expect(500, {response: 'Limit reached!'})
.end(function(err){
if (err) return done(err);
.end(function(err) {
// err.code === 'ECONNRESET' that means upload has been aborted.
if (err && err.code !== 'ECONNRESET') return done(err);
if (!limitHandlerRun) return done('handler did not run');

@@ -72,0 +76,0 @@ done();

4

test/multipartFields.spec.js

@@ -20,3 +20,3 @@ 'use strict';

describe('Test Multipart Form Single Field Submissions', function() {
describe('multipartFields: Test Multipart Form Single Field Submissions', function() {
it('submit multipart user data with POST', function(done) {

@@ -66,3 +66,3 @@ request(app)

describe('Test Multipart Form Array Field Submissions', function() {
describe('multipartFields: Test Multipart Form Array Field Submissions', function() {
it('submit array of data with POST', function(done) {

@@ -69,0 +69,0 @@ let req = request(app).post('/fields/array');

80

test/multipartUploads.spec.js

@@ -41,3 +41,3 @@ 'use strict';

describe('Test Directory Cleaning Method', function() {
describe('multipartUploads: Test Directory Cleaning Method', function() {
it('emptied "uploads" directory', function(done) {

@@ -50,3 +50,3 @@ clearUploadsDir();

describe('Test Single File Upload', function() {
describe('multipartUploads: Test Single File Upload', function() {
const app = server.setup();

@@ -75,3 +75,3 @@

.expect(200, result, err => (err ? done(err) : fs.stat(uploadedFilePath, done)));
});
});
});

@@ -91,3 +91,6 @@

.expect(400)
.end(done);
.end((err) => {
// err.code === 'ECONNRESET' that means upload has been aborted.
done(err && err.code !== 'ECONNRESET' ? err : null);
});
});

@@ -100,7 +103,10 @@

.expect(400)
.end(done);
.end((err) => {
// err.code === 'ECONNRESET' that means upload has been aborted.
done(err && err.code !== 'ECONNRESET' ? err : null);
});
});
});
describe('Test Single File Upload w/ .mv()', function() {
describe('multipartUploads: Test Single File Upload w/ .mv()', function() {
const app = server.setup();

@@ -133,3 +139,3 @@

describe('Test Single File Upload with useTempFiles option.', function() {
describe('multipartUploads: Test Single File Upload w/ useTempFiles option.', function() {
const app = server.setup({ useTempFiles: true, tempFileDir: tempDir });

@@ -141,3 +147,3 @@

const result = genUploadResult(fileName, filePath);
it(`upload ${fileName} with POST`, function(done) {

@@ -159,3 +165,3 @@ clearUploadsDir();

.expect(200, result, err => (err ? done(err) : fs.stat(uploadedFilePath, done)));
});
});
});

@@ -175,3 +181,6 @@

.expect(400)
.end(done);
.end((err) => {
// err.code === 'ECONNRESET' that means upload has been aborted.
done(err && err.code !== 'ECONNRESET' ? err : null);
});
});

@@ -184,7 +193,10 @@

.expect(400)
.end(done);
.end((err) => {
// err.code === 'ECONNRESET' that means upload has been aborted.
done(err && err.code !== 'ECONNRESET' ? err : null);
});
});
});
describe('Test Single File Upload with useTempFiles option and empty tempFileDir.', function() {
describe('multipartUploads: Single File Upload w/ useTempFiles & empty tempFileDir.', function() {
const app = server.setup({ useTempFiles: true, tempFileDir: '' });

@@ -204,7 +216,7 @@

.expect(200, result, err => (err ? done(err) : fs.stat(uploadedFilePath, done)));
});
});
});
});
describe('Test Single File Upload w/ .mv() Promise', function() {
describe('multipartUploads: Test Single File Upload w/ .mv() Promise', function() {
const app = server.setup();

@@ -216,3 +228,3 @@

const result = genUploadResult(fileName, filePath);
it(`upload ${fileName} with POST w/ .mv() Promise`, function(done) {

@@ -234,3 +246,3 @@ clearUploadsDir();

.expect(200, result, err => (err ? done(err) : fs.stat(uploadedFilePath, done)));
});
});
});

@@ -250,3 +262,6 @@

.expect(400)
.end(done);
.end((err) => {
// err.code === 'ECONNRESET' that means upload has been aborted.
done(err && err.code !== 'ECONNRESET' ? err : null);
});
});

@@ -259,7 +274,10 @@

.expect(400)
.end(done);
.end((err) => {
// err.code === 'ECONNRESET' that means upload has been aborted.
done(err && err.code !== 'ECONNRESET' ? err : null);
});
});
});
describe('Test Single File Upload w/ .mv() Promise and useTempFiles set to true', function() {
describe('multipartUploads: Test Single File Upload w/ .mv() Promise & useTempFiles', function() {
const app = server.setup({ useTempFiles: true, tempFileDir: tempDir });

@@ -271,3 +289,3 @@

const result = genUploadResult(fileName, filePath);
it(`upload ${fileName} with POST w/ .mv() Promise`, function(done) {

@@ -289,3 +307,3 @@ clearUploadsDir();

.expect(200, result, err => (err ? done(err) : fs.stat(uploadedFilePath, done)));
});
});
});

@@ -305,3 +323,6 @@

.expect(400)
.end(done);
.end((err) => {
// err.code === 'ECONNRESET' that means upload has been aborted.
done(err && err.code !== 'ECONNRESET' ? err : null);
});
});

@@ -314,7 +335,10 @@

.expect(400)
.end(done);
.end((err) => {
// err.code === 'ECONNRESET' that means upload has been aborted.
done(err && err.code !== 'ECONNRESET' ? err : null);
});
});
});
describe('Test Multi-File Upload', function() {
describe('multipartUploads: Test Multi-File Upload', function() {
const app = server.setup();

@@ -358,3 +382,3 @@

describe('Test File Array Upload', function() {
describe('multipartUploads: Test File Array Upload', function() {
const app = server.setup();

@@ -395,3 +419,3 @@

describe('Test Upload With Fields', function() {
describe('multipartUploads: Test Upload With Fields', function() {
const app = server.setup();

@@ -429,7 +453,7 @@ mockFiles.forEach((fileName) => {

.expect(200, result, err => (err ? done(err) : fs.stat(uploadedFilePath, done)));
});
});
});
});
describe('Test Aborting/Canceling during upload', function() {
describe('multipartUploads: Test Aborting/Canceling during upload', function() {
this.timeout(4000); // Set timeout for async tests.

@@ -436,0 +460,0 @@ const uploadTimeout = 1000;

2

test/options.spec.js

@@ -9,3 +9,3 @@ const fs = require('fs');

describe('File Upload Options Tests', function() {
describe('options: File Upload Options Tests', function() {
afterEach(function(done) {

@@ -12,0 +12,0 @@ clearUploadsDir();

2

test/processNested.spec.js

@@ -6,3 +6,3 @@ 'use strict';

describe('Test Convert Flatten object to Nested object', function() {
describe('processNested: Test Convert Flatten object to Nested object', function() {
it('With no nested data', () => {

@@ -9,0 +9,0 @@ const data = {

27

test/server.js

@@ -6,2 +6,3 @@ 'use strict';

const rimraf = require('rimraf');
const randomFile = require('rnd-file');

@@ -12,2 +13,11 @@ const fileDir = path.join(__dirname, 'files');

const mockFiles = [
{ name: 'emptyfile.txt', size: 0 },
{ name: 'basket.ball.bp', size: 151 * 1024 },
{ name: 'basketball.png', size: 151 * 1024 },
{ name: 'car.png', size: 263 * 1024 },
{ name: 'my$Invalid#fileName.png123', size: 263 * 1024 },
{ name: 'tree.png', size: 266 * 1024 }
];
const clearDir = (dir) => {

@@ -22,4 +32,5 @@ try {

const clearUploadsDir = () => clearDir(uploadDir);
const clearTempDir = () => clearDir(tempDir);
const createTestFiles = () => Promise.all(mockFiles.map((file) => {
return randomFile({ filePath: fileDir, fileName: file.name, fileSize: file.size });
}));

@@ -85,3 +96,3 @@ const getUploadedFileData = (file) => ({

}
const fields = ['firstName', 'lastName', 'email'];

@@ -123,3 +134,3 @@ for (let i = 0; i < fields.length; i += 1) {

const fileNames = ['testFile1', 'testFile2', 'testFile3'];
const testFiles = fileNames.map(file => req.files[file]);

@@ -131,3 +142,3 @@ for (let i = 0; i < testFiles.length; i += 1) {

}
const filesData = testFiles.map(file => getUploadedFileData(file));

@@ -279,4 +290,6 @@

uploadDir,
clearTempDir,
clearUploadsDir
clearFileDir: () => clearDir(fileDir),
clearTempDir: () => clearDir(tempDir),
clearUploadsDir: () => clearDir(uploadDir),
createTestFiles
};

28

test/tempFile.spec.js

@@ -6,9 +6,8 @@ const fs = require('fs');

const server = require('./server');
const clearUploadsDir =
server.clearUploadsDir;
const fileDir =
server.fileDir;
const uploadDir =
server.uploadDir;
describe('File Upload Options Tests', function() {
const clearUploadsDir = server.clearUploadsDir;
const fileDir = server.fileDir;
const uploadDir = server.uploadDir;
describe('tempFile: Test fileupload w/ useTempFiles.', function() {
afterEach(function(done) {

@@ -58,7 +57,6 @@ clearUploadsDir();

}
fs.stat(uploadedFilePath, done);
});
}
describe('Testing [safeFileNames with useTempFiles] option to ensure:', function() {
describe('Testing [safeFileNames w/ useTempFiles] option to ensure:', function() {
it('Does nothing to your filename when disabled.', function(done) {

@@ -70,6 +68,4 @@ const fileUploadOptions = {

};
const actualFileName =
'my$Invalid#fileName.png123';
const expectedFileName =
'my$Invalid#fileName.png123';
const actualFileName = 'my$Invalid#fileName.png123';
const expectedFileName = 'my$Invalid#fileName.png123';
executeFileUploadTestWalk(

@@ -87,6 +83,4 @@ fileUploadOptions,

};
const actualFileName =
'my$Invalid#fileName.png123';
const expectedFileName =
'my$Invalid#fileName.png123';
const actualFileName = 'my$Invalid#fileName.png123';
const expectedFileName = 'my$Invalid#fileName.png123';
executeFileUploadTestWalk(

@@ -93,0 +87,0 @@ fileUploadOptions,

2

test/uploadtimer.spec.js

@@ -6,3 +6,3 @@ 'use strict';

describe('Test UploadTimer class', () => {
describe('uploadTimer: Test UploadTimer class', () => {

@@ -9,0 +9,0 @@ it('It runs a callback function after specified timeout.', (done) => {

7

test/utilities.spec.js

@@ -31,3 +31,3 @@ 'use strict';

describe('Test of the utilities functions', function() {
describe('utilities: Test of the utilities functions', function() {
beforeEach(function() {

@@ -211,3 +211,3 @@ server.clearUploadsDir();

//buildFields tests
describe('Test buildOptions function', () => {
describe('Test buildFields function', () => {

@@ -387,3 +387,4 @@ it('buildFields does nothing if null value has been passed', () => {

{ enc: 'test%60filename', dec: 'test`filename' },
{ enc: '%3Fx%3Dtest%22filename', dec: '?x=test"filename'}
{ enc: '%3Fx%3Dtest%22filename', dec: '?x=test"filename'},
{ enc: 'bug_bounty_upload_%91%91and%92.txt', dec: 'bug_bounty_upload_and.txt'}
];

@@ -390,0 +391,0 @@ 

test/files/basket.ball.bp
test/files/basketball.png
test/files/car.png
test/files/emptyfile.txt
test/files/my$Invalid#fileName.png123
test/files/tree.png
.circleci/config.yml

Sorry, the diff of this file is not supported yet

.eslintignore

Sorry, the diff of this file is not supported yet

.eslintrc

Sorry, the diff of this file is not supported yet

example/index.html

Sorry, the diff of this file is not supported yet

LICENSE

Sorry, the diff of this file is not supported yet

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc