From 4b109fa9e733bf8c1907a6fc1916edb29efbe8c0 Mon Sep 17 00:00:00 2001 From: Yoshiya Hinosawa Date: Tue, 12 Nov 2024 15:07:28 +0900 Subject: [PATCH] fix(http): do not serve dotfile when showDotfile=false --- http/file_server.ts | 5 +++++ http/file_server_test.ts | 19 +++++++++++++++++-- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/http/file_server.ts b/http/file_server.ts index a6d505c12dc2..53a86c1c6749 100644 --- a/http/file_server.ts +++ b/http/file_server.ts @@ -707,6 +707,11 @@ async function createServeDirResponse( normalizedPath = normalizedPath.slice(0, -1); } + // Exclude dotfiles if showDotfiles is false + if (!showDotfiles && /\/\./.test(normalizedPath)) { + return createStandardResponse(STATUS_CODE.NotFound); + } + const fsPath = join(target, normalizedPath); const fileInfo = await Deno.stat(fsPath); diff --git a/http/file_server_test.ts b/http/file_server_test.ts index 3b055d8f344a..55f5d564ee7a 100644 --- a/http/file_server_test.ts +++ b/http/file_server_test.ts @@ -445,7 +445,21 @@ Deno.test("serveDir() doesn't show directory listings", async () => { assertEquals(res.status, 404); }); -Deno.test("serveDir() doesn't show dotfiles", async () => { +Deno.test("serveDir() shows dotfiles when showDotfiles=true", async () => { + const req1 = new Request("http://localhost/"); + const res1 = await serveDir(req1, serveDirOptions); + const page1 = await res1.text(); + + assert(page1.includes(".dotfile")); + + const req2 = new Request("http://localhost/.dotfile"); + const res2 = await serveDir(req2, serveDirOptions); + const body = await res2.text(); + + assertEquals(body, "dotfile"); +}); + +Deno.test("serveDir() doesn't show dotfiles when showDotfiles=false", async () => { const req1 = new Request("http://localhost/"); const res1 = await serveDir(req1, { ...serveDirOptions, @@ -462,7 +476,8 @@ Deno.test("serveDir() doesn't show dotfiles", async () => { }); const body = await res2.text(); - assertEquals(body, "dotfile"); + assertEquals(res2.status, 404); + assertEquals(body, "Not Found"); }); Deno.test("serveDir() shows .. if it makes sense", async () => {