New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details
Socket
Book a DemoSign in
Socket
Book a DemoSign in

simplehttpserver

Package Overview
Dependencies
Maintainers
1
Versions
11
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

simplehttpserver - npm Package Compare versions

Comparing version
0.1.1
 to
0.2.0
+1
-1
package.json

@@ -5,3 +5,3 @@ {

"author": "Teemu Ikonen <teemu.ikonen@ıki.fi>",
"version": "0.1.1",
"version": "0.2.0",
"bin": "./cli.js",

@@ -8,0 +8,0 @@ "engine": "node >= 0.10.0",

+5
-5
README.md
# simplehttpserver: Simple HTTP Server
'simpehttpserver' is an simple imitation of python's SimpleHTTPServer and is intended for testing, development and debugging purposes
'simpehttpserver' is an simple imitation of Python's SimpleHTTPServer and is intended for testing, development and debugging purposes

@@ -13,9 +13,9 @@ # Install globally

Run simplehttpserver by command
Run simplehttpserver by a command
simplehttpserver [directory]
`[directory]` is used as web root. Default is current working directory.
`[directory]` is used as a web root. Default is the current working directory.
Server listens port 8000. Open browser to http://localhost:8000 to view.
Server listens the port 8000. Open browser to http://localhost:8000 to view.

@@ -26,2 +26,2 @@ # Run locally

You must have dependencies installed
You must have all the dependencies installed
+70
-51
simplehttpserver.js

@@ -10,3 +10,3 @@ var express = require('express'),

morgan = require('morgan');
// bodyparser = require('body-parser');
// bodyparser = require('body-parser');

@@ -42,6 +42,6 @@ var mainapp = express();

// Serve either current directory or directory given as argument
var dir = argv._[0] || process.cwd();
var dir = path.resolve( dir );
var webroot = argv._[0] || process.cwd();
webroot = path.resolve( webroot );
mainapp.use(express.static( dir ));
mainapp.use(express.static( webroot ));

@@ -60,5 +60,24 @@ // Add any dynamic handlers here

mainapp.get('*', function(req, res) {
var pathname = url.parse(req.url).pathname;
pathname = path.join(dir, pathname);
var pathname = url.parse(req.url).pathname;
// check that pathname does not contain relative elements
// e.g.
// ../foo/bar
// /../foo/bar
// /foo/../bar
// /foo/..
if(pathname.search(/(\/|^)\.\.(\/|$)/) != -1) {
return res.sendStatus(404);
}
pathname = path.join(webroot, pathname);
// check that the requested path resides inside the webroot
var relative = path.relative(webroot, pathname);
// following check allows filenames like '...'
if(relative.startsWith(".." + path.sep) || relative == "..") {
// requested path is outside webroot
return res.sendStatus(404);
}
fs.stat(pathname, function(err, stat) {

@@ -71,15 +90,15 @@ // Check if path is directory

fs.stat(indexpath, function(err, stat) {
if ( stat && stat.isFile() ) {
// index.html was found, serve that
send(res, indexpath)
.pipe(res);
return;
if ( stat && stat.isFile() ) {
// index.html was found, serve that
send(res, indexpath)
.pipe(res);
return;
} else {
// No index.html found, build directory listing
fs.readdir(pathname, function(err, list) {
if ( err ) return res.send(404);
return directoryHTML( res, req.url, pathname, list );
});
}
} else {
// No index.html found, build directory listing
fs.readdir(pathname, function(err, list) {
if ( err ) return res.send(404);
return directoryHTML( res, req.url, pathname, list );
});
}
});

@@ -90,14 +109,14 @@ });

function htmlsafe( str ) {
var tbl = {
'&': '&amp;',
'<': '&lt;',
'>': '&gt;',
'"': '&quot;',
"'": '&#39;'
};
var safestr = '';
for(var i=0; i < str.length; i++) {
safestr += tbl[str[i]] || str[i];
}
return safestr;
var tbl = {
'&': '&amp;',
'<': '&lt;',
'>': '&gt;',
'"': '&quot;',
"'": '&#39;'
};
var safestr = '';
for(var i=0; i < str.length; i++) {
safestr += tbl[str[i]] || str[i];
}
return safestr;
}

@@ -111,11 +130,11 @@

res.send('<!DOCTYPE html>' +
'<html>\n' +
'<title>Directory listing for '+htmlsafe(urldir)+'</title>\n' +
'<body>\n' +
'<h2>Directory listing for '+htmlsafe(urldir)+'</h2>\n' +
'<hr><ul>\n' +
list.join('\n') +
'</ul><hr>\n' +
'</body>\n' +
'</html>');
'<html>\n' +
'<title>Directory listing for '+htmlsafe(urldir)+'</title>\n' +
'<body>\n' +
'<h2>Directory listing for '+htmlsafe(urldir)+'</h2>\n' +
'<hr><ul>\n' +
list.join('\n') +
'</ul><hr>\n' +
'</body>\n' +
'</html>');
}

@@ -131,10 +150,10 @@

fs.stat(path.join(pathname, item), function(err, stat) {
if ( !stat ) cb();
var link = escape(item);
item = htmlsafe(item);
if ( stat.isDirectory() ) {
ulist.push('<li><a href="'+link+'/">'+item+'/</a></li>')
} else {
ulist.push('<li><a href="'+link+'">'+item+'</a></li>')
}
if ( !stat ) cb();
var link = escape(item);
item = htmlsafe(item);
if ( stat.isDirectory() ) {
ulist.push('<li><a href="'+link+'/">'+item+'/</a></li>')
} else {
ulist.push('<li><a href="'+link+'">'+item+'</a></li>')
}
cb();

@@ -147,4 +166,4 @@ });

q.drain = function() {
// Finished checking files, send the response
sendHTML(ulist);
// Finished checking files, send the response
sendHTML(ulist);
};

@@ -155,3 +174,3 @@ }

mainapp.listen(bindport, bindhost);
console.log('Listening ' + bindhost + ':' + bindport +' web root dir ' + dir );
console.log('Listening ' + bindhost + ':' + bindport +' web root dir ' + webroot );

@@ -165,4 +184,4 @@ /*

var server = https.createServer(options, mainapp).listen(8090, function(err) {
console.log('Listening SSL port 8090 status:', err);
console.log('Listening SSL port 8090 status:', err);
});
*/