added invalid suffix check to ldp and test in http-test

nodeSolidServer · Mar 22, 2024 · 51163e9 · 51163e9
1 parent 4becb86
commit 51163e9
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/lib/ldp.js b/lib/ldp.js
@@ -148,11 +148,15 @@ class LDP {
     // prepare slug
     if (slug) {
       if (this.isAuxResource(slug, extension)) throw error(403, 'POST is not allowed for auxiliary resources')
+      if (this._containsInvalidSuffixes(slug)) {
+        throw error(400, `${slug} is an invalid file path`)
+      }
       slug = decodeURIComponent(slug)
       if (slug.match(/\/|\||:/)) {
         throw error(400, 'The name of new file POSTed may not contain : | or /')
       }
     }
+
     // Containers should not receive an extension
     if (container) {
       extension = ''

diff --git a/test/integration/http-test.js b/test/integration/http-test.js
@@ -891,6 +891,13 @@ describe('HTTP APIs', function () {
         .set('content-type', 'text/turtle')
         .expect(403, done)
     })
+    it('should error with 400 if slug contains invalid suffix', function (done) {
+      server.post('/post-tests/')
+        .set('slug', 'put-resource.acl.ttl')
+        .send(postRequest1Body)
+        .set('content-type', 'text-turtle')
+        .expect(400, done)
+    })
     it('should error with 400 if the body is empty and no content type is provided', function (done) {
       server.post('/post-tests/')
         .set('slug', 'post-resource-empty-fail')