#1977

Build # #1977

Build Type

push

Committed by

Commit Message

Fix issue with truncated debugger paths

Run Details

999 of 1900 branches covered (52.58%)

Branch coverage included in aggregate %.

2082 of 3571 relevant lines covered (58.3%)

16.0 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

13.73

/src/ComponentLibraryServer.ts

import * as fs from 'fs';
import * as http from 'http';
import * as os from 'os';
import * as path from 'path';
import * as url from 'url';

import { util } from './util';

export class ComponentLibraryServer {

    public componentLibrariesOutDir: string;

    private server: http.Server;

    public async startStaticFileHosting(componentLibrariesOutDir: string, port: number, sendDebugLogLine) {

        // Make sure the requested port is not already being used by another service
        if (await util.isPortInUse(port)) {
            throw new Error(`Could not host component library files.\nPort ${port} is currently occupied.`);
        }

        this.componentLibrariesOutDir = componentLibrariesOutDir;

        // prepare static file hosting
        // maps file extension to MIME types
        const mimeType = {
            '.ico': 'image/x-icon',
            '.html': 'text/html',
            '.js': 'text/javascript',
            '.json': 'application/json',
            '.css': 'text/css',
            '.png': 'image/png',
            '.jpg': 'image/jpeg',
            '.wav': 'audio/wav',
            '.mp3': 'audio/mpeg',
            '.svg': 'image/svg+xml',
            '.pdf': 'application/pdf',
            '.doc': 'application/msword',
            '.eot': 'appliaction/vnd.ms-fontobject',
            '.ttf': 'aplication/font-sfnt',
            '.zip': 'application/zip'
        } as Record<string, string>;

        this.server = http.createServer((req, res) => {
            sendDebugLogLine(`${req.method} ${req.url}`);

            // parse URL
            const parsedUrl = url.parse(req.url);

            // extract URL path
            // Avoid https://en.wikipedia.org/wiki/Directory_traversal_attack
            // e.g curl --path-as-is http://localhost:9000/../fileInDanger.txt
            // by limiting the path to component libraries out directory only
            const sanitizePath = path.normalize(parsedUrl.pathname).replace(/^(\.\.[\/\\])+/, '');
            let pathname = path.join(this.componentLibrariesOutDir, sanitizePath);

            fs.exists(pathname, (exist) => {
                if (!exist) {
                    // if the file is not found, return 404
                    res.statusCode = 404;
                    res.end(`File ${pathname} not found!`);
                    return;
                }

                // if is a directory
                // if (fs.statSync(pathname).isDirectory()) {
                // TODO: add support for directory listing
                // }

                // read file from file system
                fs.readFile(pathname, (err, data) => {
                    if (err) {
                        res.statusCode = 500;
                        res.end(`Error getting the file: ${err}.`);
                    } else {
                        // based on the URL path, extract the file extension. e.g. .js, .doc, ...
                        const ext = path.parse(pathname).ext;
                        // if the file is found, set Content-type and send data
                        res.setHeader('Content-type', mimeType[ext] || 'text/plain');
                        res.end(data);
                    }
                });
            });

        }).listen(port);

        sendDebugLogLine(`Server listening on port ${port}`);

        // print possible IP addresses that may be the users local ip
        let ifaces = os.networkInterfaces();
        for (const ifname of Object.keys(ifaces)) {
            for (const iface of ifaces[ifname]) {
                if (iface.family !== 'IPv4' || iface.internal !== false) {
                    // skip over internal (i.e. 127.0.0.1) and non-ipv4 addresses
                    return;
                }

                sendDebugLogLine(`Potential target ip for component libraries: ${iface.address}`);
            }
        }
    }

    /**
     * Stop the server (if it's running)
     */
    public stop() {
        if (this.server) {
            this.server.close();
        }
    }
}

1	import * as fs from 'fs';	1✔
2	import * as http from 'http';	1✔
3	import * as os from 'os';	1✔
4	import * as path from 'path';	1✔
5	import * as url from 'url';	1✔
6
7	import { util } from './util';	1✔
8
9	export class ComponentLibraryServer {	1✔
10
11	public componentLibrariesOutDir: string;
12
13	private server: http.Server;
14
15	public async startStaticFileHosting(componentLibrariesOutDir: string, port: number, sendDebugLogLine) {
16
17	// Make sure the requested port is not already being used by another service
18	if (await util.isPortInUse(port)) {	×
19	throw new Error(`Could not host component library files.\nPort ${port} is currently occupied.`);	×
20	}
21
22	this.componentLibrariesOutDir = componentLibrariesOutDir;	×
23
24	// prepare static file hosting
25	// maps file extension to MIME types
26	const mimeType = {	×
27	'.ico': 'image/x-icon',
28	'.html': 'text/html',
29	'.js': 'text/javascript',
30	'.json': 'application/json',
31	'.css': 'text/css',
32	'.png': 'image/png',
33	'.jpg': 'image/jpeg',
34	'.wav': 'audio/wav',
35	'.mp3': 'audio/mpeg',
36	'.svg': 'image/svg+xml',
37	'.pdf': 'application/pdf',
38	'.doc': 'application/msword',
39	'.eot': 'appliaction/vnd.ms-fontobject',
40	'.ttf': 'aplication/font-sfnt',
41	'.zip': 'application/zip'
42	} as Record<string, string>;
43
44	this.server = http.createServer((req, res) => {	×
45	sendDebugLogLine(`${req.method} ${req.url}`);	×
46
47	// parse URL
48	const parsedUrl = url.parse(req.url);	×
49
50	// extract URL path
51	// Avoid https://en.wikipedia.org/wiki/Directory_traversal_attack
52	// e.g curl --path-as-is http://localhost:9000/../fileInDanger.txt
53	// by limiting the path to component libraries out directory only
54	const sanitizePath = path.normalize(parsedUrl.pathname).replace(/^(\.\.[\/\\])+/, '');	×
55	let pathname = path.join(this.componentLibrariesOutDir, sanitizePath);	×
56
57	fs.exists(pathname, (exist) => {	×
58	if (!exist) {	×
59	// if the file is not found, return 404
60	res.statusCode = 404;	×
61	res.end(`File ${pathname} not found!`);	×
62	return;	×
63	}
64
65	// if is a directory
66	// if (fs.statSync(pathname).isDirectory()) {
67	// TODO: add support for directory listing
68	// }
69
70	// read file from file system
71	fs.readFile(pathname, (err, data) => {	×
72	if (err) {	×
73	res.statusCode = 500;	×
74	res.end(`Error getting the file: ${err}.`);	×
75	} else {
76	// based on the URL path, extract the file extension. e.g. .js, .doc, ...
77	const ext = path.parse(pathname).ext;	×
78	// if the file is found, set Content-type and send data
79	res.setHeader('Content-type', mimeType[ext] \|\| 'text/plain');	×
80	res.end(data);	×
81	}
82	});
83	});
84
85	}).listen(port);
86
87	sendDebugLogLine(`Server listening on port ${port}`);	×
88
89	// print possible IP addresses that may be the users local ip
90	let ifaces = os.networkInterfaces();	×
91	for (const ifname of Object.keys(ifaces)) {	×
92	for (const iface of ifaces[ifname]) {	×
93	if (iface.family !== 'IPv4' \|\| iface.internal !== false) {	×
94	// skip over internal (i.e. 127.0.0.1) and non-ipv4 addresses
95	return;	×
96	}
97
98	sendDebugLogLine(`Potential target ip for component libraries: ${iface.address}`);	×
99	}
100	}
101	}
102
103	/**
104	* Stop the server (if it's running)
105	*/
106	public stop() {
107	if (this.server) {	×
108	this.server.close();	×
109	}
110	}
111	}

rokucommunity / roku-debug / #1977

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous