-
Notifications
You must be signed in to change notification settings - Fork 15
Add nodejs-file-upload sample #259
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Draft
lionello
wants to merge
1
commit into
main
Choose a base branch
from
lio/file-upload
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
+91
−0
Draft
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| # Use an official Node runtime based on slim as a parent image | ||
| FROM node:20-slim | ||
|
|
||
| # Set the working directory to /app | ||
| WORKDIR /app | ||
|
|
||
| # Install curl and any other dependencies | ||
| RUN apt-get update \ | ||
| \ | ||
| && apt-get install -y --no-install-recommends \ | ||
| curl \ | ||
| && rm -rf /var/lib/apt/lists/* | ||
|
|
||
| # Copy package.json and package-lock.json into the container at /app | ||
| COPY package*.json ./ | ||
|
|
||
| # Install any needed packages specified in package.json | ||
| RUN npm install | ||
|
|
||
| # Copy the current directory contents into the container | ||
| COPY . . | ||
|
|
||
| # Make port 3000 available to the world outside this container | ||
| EXPOSE 3000 | ||
|
|
||
| # Run the app when the container launches | ||
| ENTRYPOINT [ "node", "main.js" ] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| services: | ||
| service1: | ||
| restart: always | ||
| build: | ||
| context: . | ||
| dockerfile: Dockerfile | ||
| ports: | ||
| - mode: ingress | ||
| target: 3000 | ||
| published: 3000 | ||
| healthcheck: | ||
| test: ["CMD", "curl", "-f", "http://localhost:3000/"] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,39 @@ | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| const express = require('express'); | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| const multer = require('multer'); | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| const fs = require('fs'); | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| const path = require('path'); | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| const app = express(); | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| const upload = multer({ dest: 'uploads/' }); | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| app.use(express.static('uploads')); | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| app.get('/', (req, res) => { | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| fs.readdir('uploads', (err, files) => { | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| if (err) { | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| return res.status(500).send('Unable to scan files!'); | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| } | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| let fileList = files.map(file => `<li><a href="/${file}">${file}</a></li>`).join(''); | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| res.send(` | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| <h1>File Upload</h1> | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| <form ref='uploadForm' | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| id='uploadForm' | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| action='/' | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| method='post' | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| encType="multipart/form-data"> | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| <input type="file" name="file" /> | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| <input type='submit' value='Upload!' /> | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| </form> | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| <h2>Uploaded Files</h2> | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| <ul>${fileList}</ul> | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| `); | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| }); | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| }); | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Comment on lines
+11
to
+31
Check failureCode scanning / CodeQL Missing rate limiting High
This route handler performs
a file system access Error loading related location Loading
Copilot AutofixAI 10 months ago To fix the problem, we need to introduce rate limiting to the Express application. The best way to do this is by using the We will:
Suggested changeset
2
samples/nodejs-file-upload/main.js
samples/nodejs-file-upload/package.json
Outside changed files
This fix introduces these dependencies
Copilot is powered by AI and may make mistakes. Always verify output.
Positive FeedbackNegative Feedback
Refresh and try again.
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| app.post('/', upload.single('file'), (req, res) => { | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| res.redirect('/'); | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| }); | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| app.listen(3000, () => { | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| console.log('Server started on port 3000'); | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| }); | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| { | ||
| "name": "service1", | ||
| "version": "1.0.0", | ||
| "description": "", | ||
| "main": "main.js", | ||
| "scripts": { | ||
| "start": "exec node main.js" | ||
| }, | ||
| "dependencies": { | ||
| "express": "^4.17.1", | ||
| "multer": "^1.4.4" | ||
| } | ||
| } |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Check failure
Code scanning / CodeQL
Stored cross-site scripting High
Copilot Autofix
AI 10 months ago
To fix the stored cross-site scripting vulnerability, we need to sanitize the filenames before using them to generate HTML content. The best way to do this is to use a library like
escape-htmlto escape any potentially dangerous characters in the filenames. This will ensure that any HTML tags or scripts in the filenames are rendered harmless.escape-htmllibrary.escape-htmllibrary in themain.jsfile.escape-htmlfunction to escape the filenames before embedding them in the HTML content.