ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S2598/javascript/rule.adoc
Arseniy Zaostrovnykh 716b335a56 Enable forced linebreaks in quotes; escape -- in url
2021-02-02 16:54:43 +01:00

66 lines
1.5 KiB
Plaintext
Raw Blame History

include::../description.adoc[]
== Noncompliant Code Example
https://www.npmjs.com/package/formidable[formidable] module:
----
const Formidable = require('formidable');
const form = new Formidable(); // Noncompliant, this form is not safe
form.uploadDir = ""; // because upload dir is not defined (by default os temp dir: /var/tmp or /tmp)
form.keepExtensions = true; // and file extensions are kept
----
https://www.npmjs.com/package/multer[multer] (Express.js middleware) module:
----
const multer = require('multer');
let diskStorage = multer.diskStorage({ // Noncompliant: no destination specified
filename: (req, file, cb) => {
const buf = crypto.randomBytes(20);
cb(null, buf.toString('hex'))
}
});
// This upload is not safe as no destination specified, /var/tmp or /tmp will be used
let diskupload = multer({
storage: diskStorage,
});
----
== Compliant Solution
https://www.npmjs.com/package/formidable[formidable] module:
----
const Formidable = require('formidable');
const form = new Formidable(); // Compliant
form.uploadDir = "./uploads/";
form.keepExtensions = false;
----
https://www.npmjs.com/package/multer[multer] (Express.js middleware) module:
----
const multer = require('multer');
let diskStorage = multer.diskStorage({ // Compliant
filename: (req, file, cb) => {
const buf = crypto.randomBytes(20);
cb(null, buf.toString('hex'))
},
destination: (req, file, cb) => {
cb(null, './uploads/')
}
});
let diskupload = multer({
storage: diskStorage,
});
----
include::../see.adoc[]
Reference in New Issue View Git Blame Copy Permalink