index.js
1.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
/*!
* resolve-path
* Copyright(c) 2014 Jonathan Ong
* Copyright(c) 2015 Douglas Christopher Wilson
* MIT Licensed
*/
'use strict'
/**
* Module dependencies.
* @private
*/
var createError = require('http-errors')
var normalize = require('path').normalize
var pathIsAbsolute = require('path-is-absolute')
var resolve = require('path').resolve
var sep = require('path').sep
/**
* Module exports.
* @public
*/
module.exports = resolvePath
/**
* Module variables.
* @private
*/
var UP_PATH_REGEXP = /(?:^|[\\/])\.\.(?:[\\/]|$)/
/**
* Resolve relative path against a root path
*
* @param {string} rootPath
* @param {string} relativePath
* @return {string}
* @public
*/
function resolvePath (rootPath, relativePath) {
var path = relativePath
var root = rootPath
// root is optional, similar to root.resolve
if (arguments.length === 1) {
path = rootPath
root = process.cwd()
}
if (root == null) {
throw new TypeError('argument rootPath is required')
}
if (typeof root !== 'string') {
throw new TypeError('argument rootPath must be a string')
}
if (path == null) {
throw new TypeError('argument relativePath is required')
}
if (typeof path !== 'string') {
throw new TypeError('argument relativePath must be a string')
}
// containing NULL bytes is malicious
if (path.indexOf('\0') !== -1) {
throw createError(400, 'Malicious Path')
}
// path should never be absolute
if (pathIsAbsolute.posix(path) || pathIsAbsolute.win32(path)) {
throw createError(400, 'Malicious Path')
}
// path outside root
if (UP_PATH_REGEXP.test(normalize('.' + sep + path))) {
throw createError(403)
}
// resolve & normalize the root path
root = normalize(resolve(root) + sep)
// resolve the path
return resolve(root, path)
}