From d60a6e7bad94c12977141c76dd9d48c650a9c303 Mon Sep 17 00:00:00 2001
From: Jafar Akhondali
Date: Tue, 30 Jul 2024 17:03:40 +0200
Subject: [PATCH] Block malicious looking requests to prevent path traversal attacks.
---
 block_res/server.js | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/block_res/server.js b/block_res/server.js
index ffb9e68..d6e2763 100644
--- a/block_res/server.js
+++ b/block_res/server.js
@@ -11,6 +11,11 @@ const port = 3000;
 // var pageHtml = require('./test.html');
 const server = http.createServer((req, res) => {
+ if (path.normalize(decodeURI(req.url)) !== decodeURI(req.url)) {
+ res.statusCode = 403;
+ res.end();
+ return;
+ }
 res.statusCode = 200;
 var url = req.url === '/' ? '/test.html' : req.url;
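Review bot: The added guard calls `decodeURI(req.url)` with no try/catch, and `decodeURI` throws `URIError` on a malformed percent-escape, so a single bad request would raise inside the handler instead of being rejected. Unless an error handler exists outside this hunk, that is likely an uncaught exception. `path.normalize` is also platform-dependent (on Windows it rewrites `/` to `\`, so every request would mismatch and get a 403); `path.posix.normalize` keeps the comparison stable. The check is made on the decoded string while the unchanged `var url = ...` line still uses the raw `req.url`, so a safer approach is to decode once, reject failures with 400, and reuse that value. The stronger control is to resolve the final file path and confirm it stays under the served directory, but that code is outside this hunk, as is the rest of the handler.

```javascript
const server = http.createServer((req, res) => {
  let decoded;
  try {
    decoded = decodeURI(req.url);
  } catch (err) {
    // Malformed percent-escape: answer 400 rather than let URIError escape the handler.
    res.statusCode = 400;
    res.end();
    return;
  }
  // posix.normalize keeps the comparison independent of the host's path separator.
  if (path.posix.normalize(decoded) !== decoded) {
    res.statusCode = 403;
    res.end();
    return;
  }
  // … unchanged: status 200 and url selection …
```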