include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
https://www.npmjs.com/package/serve-static[Express.js serve-static] middleware:
----
let express = require("express");
let serveStatic = require("serve-static");
let app = express();
let serveStaticMiddleware = serveStatic('public', { 'index': false, 'dotfiles': 'allow'}); // Sensitive
app.use(serveStaticMiddleware);
----
== Compliant Solution
https://www.npmjs.com/package/serve-static[Express.js serve-static] middleware:
----
let express = require("express");
let serveStatic = require("serve-static");
let app = express();
let serveStaticMiddleware = serveStatic('public', { 'index': false, 'dotfiles': 'ignore'}); // Compliant: ignore or deny are recommended values
let serveStaticDefault = serveStatic('public', { 'index': false}); // Compliant: by default, "dotfiles" (file or directory that begins with a dot) are not served (with the exception that files within a directory that begins with a dot are not ignored), see serve-static module documentation
app.use(serveStaticMiddleware);
----
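
The comment in the compliant solution notes that files inside a directory beginning with a dot are not covered by the default. The following added example (not part of this rule's own code) is a Node.js check that lists every file under a static root whose path has a dot-prefixed segment, so it can be moved out before the directory is served. `findDotPaths`, `buildSampleRoot` and the sample tree are constructed for illustration.

```javascript
const fs = require("fs");
const os = require("os");
const path = require("path");

// Return the files under `root` (relative, "/"-separated) whose path has at
// least one segment starting with a dot, e.g. ".env" or ".git/config".
function findDotPaths(root) {
  const hits = [];
  const walk = (dir, rel, underDot) => {
    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
      const relPath = rel ? rel + "/" + entry.name : entry.name;
      // A file is flagged if it, or any parent directory, is dot-prefixed.
      const dotted = underDot || entry.name.startsWith(".");
      if (entry.isDirectory()) {
        // Dirent reports symlinks as links, so they are not followed.
        walk(path.join(dir, entry.name), relPath, dotted);
      } else if (dotted) {
        hits.push(relPath);
      }
    }
  };
  walk(root, "", false);
  return hits.sort();
}

// Constructed sample tree standing in for a real 'public' directory.
function buildSampleRoot() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "static-root-"));
  const files = [
    "index.html",
    "css/site.css",
    ".env",            // dotfile at the top level
    ".git/config",     // regular file inside a dot-directory
    "docs/.htpasswd",  // dotfile in a regular subdirectory
  ];
  for (const f of files) {
    const full = path.join(root, f);
    fs.mkdirSync(path.dirname(full), { recursive: true });
    fs.writeFileSync(full, "sample");
  }
  return root;
}

// Report what the audit finds in the constructed tree.
for (const p of findDotPaths(buildSampleRoot())) {
  console.log("dot path in static root: " + p);
}
```

Pointing `findDotPaths` at the directory passed to `serveStatic` in a build or CI step gives an inventory of what the `dotfiles` setting has to protect.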
include::../see.adoc[]