OCram85/code-server
Archived
1
0
Fork 0
Code Pull Requests 2 Activity

refactor: only accept string in pathToFsPath

Browse Source 
CodeQL caught a path where we were passing in req.query.path
to pathToFsPath, which may not have been a string.

So we refactored some things to ensure we only pass it a string
which also let us change the parameter type to string
instead of string | string[].
This commit is contained in:
Joe Previte
2021-07-19 14:22:42 -07:00
parent 0f451524f9
commit 5c61318592
3 changed files with 11 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/node/routes/vscode.ts
View File

@ -63,9 +63,10 @@ router.get("/", async (req, res) => {
* TODO: Might currently be unused.
*/
router.get("/resource(/*)?", ensureAuthenticated, async (req, res) => {
if (typeof req.query.path === "string") {
res.set("Content-Type", getMediaMime(req.query.path))
res.send(await fs.readFile(pathToFsPath(req.query.path)))
const path = getFirstString(req.query.path)
if (path) {
res.set("Content-Type", getMediaMime(path))
res.send(await fs.readFile(pathToFsPath(path)))
}
})
@ -73,9 +74,10 @@ router.get("/resource(/*)?", ensureAuthenticated, async (req, res) => {
* Used by VS Code to load files.
*/
router.get("/vscode-remote-resource(/*)?", ensureAuthenticated, async (req, res) => {
if (typeof req.query.path === "string") {
res.set("Content-Type", getMediaMime(req.query.path))
res.send(await fs.readFile(pathToFsPath(req.query.path)))
const path = getFirstString(req.query.path)
if (path) {
res.set("Content-Type", getMediaMime(path))
res.send(await fs.readFile(pathToFsPath(path)))
}
})