
find-my-way - npm Package Compare versions

Comparing version 4.4.0 to 5.0.0

lib/url-sanitizer.js

12

bench.js

@@ -82,2 +82,8 @@ 'use strict'

})
.add('find dynamic route with encoded parameter unoptimized', function () {
findMyWay.find('GET', '/user/maintainer%2Btomas', undefined)
})
.add('find dynamic route with encoded parameter optimized', function () {
findMyWay.find('GET', '/user/maintainer%20tomas', undefined)
})
.add('find dynamic multi-parametric route', function () {

@@ -98,2 +104,8 @@ findMyWay.find('GET', '/customer/john-doe', undefined)

})
.add('find long nested dynamic route with encoded parameter unoptimized', function () {
findMyWay.find('GET', '/posts/10%2C10/comments/42%2C42/author', undefined)
})
.add('find long nested dynamic route with encoded parameter optimized', function () {
findMyWay.find('GET', '/posts/10%2510/comments/42%2542/author', undefined)
})
.add('find long nested dynamic route with other method', function () {

@@ -100,0 +112,0 @@ findMyWay.find('POST', '/posts/10/comments', undefined)

89

index.js

@@ -5,10 +5,23 @@ 'use strict'

Char codes:
'#': 35
'*': 42
'-': 45
'.': 46
'/': 47
':': 58
';': 59
'?': 63
'!': 33 - !
'#': 35 - %23
'$': 36 - %24
'%': 37 - %25
'&': 38 - %26
''': 39 - '
'(': 40 - (
')': 41 - )
'*': 42 - *
'+': 43 - %2B
',': 44 - %2C
'-': 45 - -
'.': 46 - .
'/': 47 - %2F
':': 58 - %3A
';': 59 - %3B
'=': 61 - %3D
'?': 63 - %3F
'@': 64 - %40
'_': 95 - _
'~': 126 - ~
*/

@@ -18,3 +31,2 @@

const http = require('http')
const fastDecode = require('fast-decode-uri-component')
const isRegexSafe = require('safe-regex2')

@@ -24,2 +36,3 @@ const { flattenNode, compressFlattenedNode, prettyPrintFlattenedNode, prettyPrintRoutesArray } = require('./lib/pretty-print')

const Constrainer = require('./lib/constrainer')
const sanitizeUrl = require('./lib/url-sanitizer')

@@ -378,3 +391,3 @@ const NODE_TYPES = Node.prototype.types

Router.prototype.lookup = function lookup (req, res, ctx) {
var handle = this.find(req.method, sanitizeUrl(req.url), this.constrainer.deriveConstraints(req, ctx))
var handle = this.find(req.method, req.url, this.constrainer.deriveConstraints(req, ctx))
if (handle === null) return this._defaultRoute(req, res, ctx)

@@ -394,2 +407,10 @@ return ctx === undefined

let sanitizedUrl
try {
sanitizedUrl = sanitizeUrl(path)
path = sanitizedUrl.path
} catch (error) {
return this._onBadUrl(path)
}
var originalPath = path

@@ -502,7 +523,5 @@ var originalPathLength = path.length

if (i > maxParamLength) return null
decoded = fastDecode(originalPath.slice(idxInOriginalPath, idxInOriginalPath + i))
decoded = sanitizedUrl.sliceParameter(idxInOriginalPath, idxInOriginalPath + i)
if (decoded === null) {
return this.onBadUrl !== null
? this._onBadUrl(originalPath.slice(idxInOriginalPath, idxInOriginalPath + i))
: null
return this._onBadUrl(originalPath.slice(idxInOriginalPath, idxInOriginalPath + i))
}

@@ -518,7 +537,5 @@ params || (params = [])

if (kind === NODE_TYPES.MATCH_ALL) {
decoded = fastDecode(originalPath.slice(idxInOriginalPath))
decoded = sanitizedUrl.sliceParameter(idxInOriginalPath)
if (decoded === null) {
return this.onBadUrl !== null
? this._onBadUrl(originalPath.slice(idxInOriginalPath))
: null
return this._onBadUrl(originalPath.slice(idxInOriginalPath))
}

@@ -538,7 +555,5 @@ params || (params = [])

if (i > maxParamLength) return null
decoded = fastDecode(originalPath.slice(idxInOriginalPath, idxInOriginalPath + i))
decoded = sanitizedUrl.sliceParameter(idxInOriginalPath, idxInOriginalPath + i)
if (decoded === null) {
return this.onBadUrl !== null
? this._onBadUrl(originalPath.slice(idxInOriginalPath, idxInOriginalPath + i))
: null
return this._onBadUrl(originalPath.slice(idxInOriginalPath, idxInOriginalPath + i))
}

@@ -565,7 +580,5 @@ if (!node.regex.test(decoded)) return null

}
decoded = fastDecode(originalPath.slice(idxInOriginalPath, idxInOriginalPath + i))
decoded = sanitizedUrl.sliceParameter(idxInOriginalPath, idxInOriginalPath + i)
if (decoded === null) {
return this.onBadUrl !== null
? this._onBadUrl(originalPath.slice(idxInOriginalPath, idxInOriginalPath + i))
: null
return this._onBadUrl(originalPath.slice(idxInOriginalPath, idxInOriginalPath + i))
}

@@ -583,9 +596,7 @@ params || (params = [])

Router.prototype._getWildcardNode = function (node, path, len, derivedConstraints, params) {
Router.prototype._getWildcardNode = function (node, sanitizedUrl, len, derivedConstraints, params) {
if (node === null) return null
var decoded = fastDecode(path.slice(-len))
var decoded = sanitizedUrl.slice(-len)
if (decoded === null) {
return this.onBadUrl !== null
? this._onBadUrl(path.slice(-len))
: null
return this._onBadUrl(sanitizedUrl.slice(-len))
}

@@ -629,2 +640,5 @@

Router.prototype._onBadUrl = function (path) {
if (this.onBadUrl === null) {
return null
}
const onBadUrl = this.onBadUrl

@@ -677,15 +691,2 @@ return {

function sanitizeUrl (url) {
for (var i = 0, len = url.length; i < len; i++) {
var charCode = url.charCodeAt(i)
// Some systems do not follow RFC and separate the path and query
// string with a `;` character (code 59), e.g. `/foo;jsessionid=123456`.
// Thus, we need to split on `;` as well as `?` and `#`.
if (charCode === 63 || charCode === 59 || charCode === 35) {
return url.slice(0, i)
}
}
return url
}
function getClosingParenthensePosition (path, idx) {

@@ -692,0 +693,0 @@ // `path.indexOf()` will always return the first position of the closing parenthese,
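Review bot: In `_getWildcardNode` the `if (decoded === null)` branch looks unreachable on the new side, because `decoded` now comes from `sanitizedUrl.slice(-len)` rather than from `fastDecode(...)`, and a plain string slice never yields null. Everywhere else in this section `sanitizedUrl` is the object returned by `sanitizeUrl()` (it is used through `.path` and `.sliceParameter`), so either the caller passes a string and the parameter name is misleading, or it passes that object and `.slice` must exist on it; the call site is outside the hunks shown, so this needs confirming. If wildcard values are meant to get the same malformed-encoding check as the parametric, regex and match-all branches, route them through `sanitizedUrl.sliceParameter(...)` as those branches do; otherwise drop the dead branch and rename the parameter to `path`. As written, a wildcard segment with a bad percent-sequence appears to bypass `_onBadUrl` at this point, unlike the other parameter kinds.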

{
"name": "find-my-way",
"version": "4.4.0",
"version": "5.0.0",
"description": "Crazy fast http radix based router",

@@ -27,3 +27,3 @@ "main": "index.js",

"engines": {
"node": ">=10"
"node": ">=12"
},

@@ -30,0 +30,0 @@ "author": "Tomas Della Vedova - @delvedor (http://delved.org)",

@@ -324,2 +324,4 @@ # find-my-way

**Note** that you must encode the parameters containing [reserved characters](https://www.rfc-editor.org/rfc/rfc3986#section-2.2).
<a name="match-order"></a>

@@ -326,0 +328,0 @@ ##### Match order

@@ -14,3 +14,3 @@ 'use strict'

onBadUrl: (path, req, res) => {
t.equal(path, '/%world')
t.equal(path, '/%world', { todo: 'this is not executed' })
}

@@ -34,3 +34,3 @@ })

onBadUrl: (path, req, res) => {
t.equal(path, '%world')
t.equal(path, '/hello/%world')
}

@@ -37,0 +37,0 @@ })
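Review bot: The first handler's check is now `t.equal(path, '/%world', { todo: 'this is not executed' })`, so by its own message this test no longer verifies that a malformed `/%world` request reaches `onBadUrl`, and a todo assertion will not fail the suite if that stays broken. Assert what actually happens for that URL (for example, which route or default handler runs), or fail explicitly in the callback that should not be invoked, rather than leaving the malformed-URL path unchecked. The second expectation changes from `'%world'` to `'/hello/%world'`, which suggests `onBadUrl` now receives the whole request path instead of the offending parameter. That matches the new `catch` in `find()` calling `this._onBadUrl(path)`, and is worth a line in the changelog for handlers that log or echo the argument. The surrounding test bodies are outside the hunks shown.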

Sorry, the diff of this file is not supported yet
