From 42f53c2baeecf2b5830aaf31eb7535d034b7d214 Mon Sep 17 00:00:00 2001 From: Joe Biellik Date: Mon, 27 Jul 2020 19:16:46 +0100 Subject: [PATCH] Check for binary files --- controllers/pastes.js | 8 +++++++- package-lock.json | 5 +++++ package.json | 1 + 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/controllers/pastes.js b/controllers/pastes.js index 296dc5e..3c21fd7 100644 --- a/controllers/pastes.js +++ b/controllers/pastes.js @@ -1,5 +1,6 @@ const config = require('config'); const fs = require('fs').promises; +const isBinaryFile = require('isbinaryfile').isBinaryFile; const Paste = require('../models/paste'); module.exports = { @@ -40,7 +41,12 @@ module.exports = { path = ctx.request.files.paste.path; } - ctx.request.body.paste = await fs.readFile(path); + const data = await fs.readFile(path); + const stat = await fs.lstat(path); + + if (isBinaryFile(data, stat.size)) ctx.throw(); + + ctx.request.body.paste = data; try { await fs.unlink(path); diff --git a/package-lock.json b/package-lock.json index b50c97e..6b9a75f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1457,6 +1457,11 @@ "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=" }, + "isbinaryfile": { + "version": "4.0.6", + "resolved": "https://registry.npmjs.org/isbinaryfile/-/isbinaryfile-4.0.6.tgz", + "integrity": "sha512-ORrEy+SNVqUhrCaal4hA4fBzhggQQ+BaLntyPOdoEiwlKZW9BZiJXjg3RMiruE4tPEI3pyVPpySHQF/dKWperg==" + }, "isexe": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", diff --git a/package.json b/package.json index 9f1d1c8..c57200f 100644 --- a/package.json +++ b/package.json @@ -24,6 +24,7 @@ "dependencies": { "bytes": "^3.1.0", "config": "^3.3.1", + "isbinaryfile": "^4.0.6", "koa": "^2.13.0", "koa-body": "^4.2.0", "koa-compress": "^5.0.1",