feat: MOEN-25262 webSDK NPM module framework #28
nawazMoEngage
left a comment
Added link for this repo in the main Readme.md file
    const app = express();
    app.use(favicon(__dirname + '/public/favicon.png'));
    // the __dirname is the current directory from where the script is running
    app.use(express.static(__dirname));
Check warning (Code scanning / CodeQL): Exposure of private files
Copilot Autofix (AI, over 1 year ago)
To fix the problem, we should limit the exposure of static files by serving only specific directories that are meant to be public. Instead of serving the entire directory, we can specify the exact folders that contain the static assets (e.g., `public`).
- Identify the specific folders that need to be served as static files.
- Replace the line `app.use(express.static(__dirname))` with lines that serve only the necessary directories.
- Ensure that sensitive directories like `node_modules` are not exposed.
| @@ -7,3 +7,3 @@ | ||
| // the __dirname is the current directory from where the script is running | ||
| app.use(express.static(__dirname)); | ||
| app.use(express.static(path.join(__dirname, 'public'))); | ||
|
|
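Review bot: scoping `express.static` to `public` is the right fix, but the fallback route flagged under the next alert still serves `index.html` from `__dirname` via `path.resolve`, so any asset that page references relative to the project root (for example a webpack bundle emitted next to `index.html`) will now 404; confirm the build output is written under `public`, or mount that output directory as a second `express.static` call rather than widening back to `__dirname`. The kept comment line (`// the __dirname is the current directory from where the script is running`) now describes a line that no longer exists and should be reworded. `path` is not required in this hunk; the fallback route already calls `path.resolve`, so it is presumably imported, but verify that before merging.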
    app.get('*', (req, res) => {
      res.sendFile(path.resolve(__dirname, 'index.html'));
    });
Check failure (Code scanning / CodeQL): Missing rate limiting
Copilot Autofix (AI, over 1 year ago)
To fix the problem, we will introduce rate limiting to the Express application using the `express-rate-limit` package. This package allows us to limit the number of requests a client can make to the server within a specified time window. We will configure the rate limiter to allow a maximum of 100 requests per 15 minutes and apply it to all routes.
Steps to fix:
- Install the `express-rate-limit` package.
- Import the `express-rate-limit` package in the `node-module-app/server.js` file.
- Configure the rate limiter with appropriate settings.
- Apply the rate limiter to the Express application.
| @@ -4,2 +4,3 @@ | ||
| const port = process.env.PORT || 8080; | ||
| const RateLimit = require('express-rate-limit'); | ||
| const app = express(); | ||
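Review bot: `const RateLimit = require('express-rate-limit')` relies on the package's default CommonJS export; the 7.x README documents the destructured form `const { rateLimit } = require('express-rate-limit')`, so verify that the default-require form still resolves to the factory function with 7.4.1 before merging, otherwise `RateLimit({...})` fails with "is not a function" at startup. Minor style point: `RateLimit` is capitalised like a class but called without `new`; `rateLimit` matches the library's own naming.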
| @@ -9,2 +10,11 @@ | ||
|
|
||
| // set up rate limiter: maximum of 100 requests per 15 minutes | ||
| const limiter = RateLimit({ | ||
| windowMs: 15 * 60 * 1000, // 15 minutes | ||
| max: 100, // max 100 requests per windowMs | ||
| }); | ||
|
|
||
| // apply rate limiter to all requests | ||
| app.use(limiter); | ||
|
|
||
| // send the user to index html page inspite of the url |
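Review bot: the description says the limiter is applied to all routes, but at this position (new line 10, after the `express.static` mounts at lines 7-8) static files are served before `app.use(limiter)` runs, so only requests that fall through to `app.get('*')` are counted; if all routes are really intended, mount the limiter above the static middleware. Two deployment caveats on these settings: the default store is in-memory, so each process keeps its own counts and the 100-per-15-minutes cap is per instance, not per deployment; and the key is the client IP as Express sees it, so behind a load balancer or reverse proxy every user shares the proxy's address and a single bucket unless `app.set('trust proxy', ...)` is configured for the actual hop count. The kept context comment also has a typo: "inspite" should read "in spite of".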
| @@ -22,3 +22,4 @@ | ||
| "webpack-cli": "^3.1.0", | ||
| "webpack-dev-server": "^3.1.5" | ||
| "webpack-dev-server": "^3.1.5", | ||
| "express-rate-limit": "^7.4.1" | ||
| } |
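Review bot: the neighbouring entries (`webpack-cli`, `webpack-dev-server`) suggest this is the `devDependencies` block, but `server.js` requires `express-rate-limit` at runtime, so it belongs under `dependencies`; a production install that omits dev dependencies would fail at `require` time. The lockfile change is not part of this diff and should be updated alongside `package.json`. The `^7.4.1` range is fine, but express-rate-limit 7.x dropped support for older Node releases, so confirm the deployment runtime meets its minimum.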
| Package | Version | Security advisories |
|---|---|---|
| express-rate-limit (npm) | 7.4.1 | None |
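Added example, not part of this PR or the project's code: a dependency-free fixed-window limiter with the same 100-requests-per-15-minutes parameters as the suggested fix, used to show what the `windowMs`/`max` settings mean and why the client key matters behind a reverse proxy. It does not call express-rate-limit. The `FixedWindowLimiter`, `clientKey`, `makeRequest` and `simulate` names, the proxy address 10.0.0.1 and the two client addresses are all constructed for the example; the `trustProxy` flag stands in for the effect of Express's 'trust proxy' setting.

```javascript
// Added example (not from the PR): minimal fixed-window rate limiter with the
// same parameters as the suggested fix (100 requests per 15-minute window).
// All names and addresses below are constructed for illustration.

const WINDOW_MS = 15 * 60 * 1000; // 15 minutes, as in the autofix
const MAX_REQUESTS = 100;         // max requests per window, as in the autofix

class FixedWindowLimiter {
  constructor({ windowMs = WINDOW_MS, max = MAX_REQUESTS, now = Date.now } = {}) {
    this.windowMs = windowMs;
    this.max = max;
    this.now = now;           // injectable clock so the window reset can be tested
    this.buckets = new Map(); // key -> { count, resetAt }
  }

  // Record one request under `key`; returns whether it is allowed, how many
  // requests remain in the current window, and how long to wait if refused.
  hit(key) {
    const t = this.now();
    let bucket = this.buckets.get(key);
    if (!bucket || t >= bucket.resetAt) {
      // First request for this key, or the previous window has elapsed.
      bucket = { count: 0, resetAt: t + this.windowMs };
      this.buckets.set(key, bucket);
    }
    bucket.count += 1;
    const allowed = bucket.count <= this.max;
    return {
      allowed,
      remaining: Math.max(0, this.max - bucket.count),
      retryAfterMs: allowed ? 0 : bucket.resetAt - t,
    };
  }
}

// Choose the key a limiter should count against. `trustProxy` mirrors the
// effect of Express's 'trust proxy' setting: only then is the first hop of
// X-Forwarded-For believed; otherwise the TCP peer address is used.
function clientKey(req, trustProxy) {
  const xff = req.headers['x-forwarded-for'];
  if (trustProxy && typeof xff === 'string' && xff.length > 0) {
    return xff.split(',')[0].trim();
  }
  return req.socket.remoteAddress;
}

// Constructed request: a client reaching the app through one proxy at 10.0.0.1.
function makeRequest(clientIp) {
  return {
    headers: { 'x-forwarded-for': clientIp },
    socket: { remoteAddress: '10.0.0.1' },
  };
}

// Send `requestsPerUser` requests from each of two clients behind the same
// proxy and return how many were allowed per client.
function simulate(trustProxy, requestsPerUser) {
  const limiter = new FixedWindowLimiter();
  const users = ['203.0.113.5', '198.51.100.7']; // constructed client addresses
  const allowed = {};
  for (const ip of users) {
    allowed[ip] = 0;
    for (let i = 0; i < requestsPerUser; i++) {
      const key = clientKey(makeRequest(ip), trustProxy);
      if (limiter.hit(key).allowed) allowed[ip] += 1;
    }
  }
  return allowed;
}

// With trust proxy off, both clients are keyed on 10.0.0.1 and share one
// bucket: the second client is refused after 20 requests although it sent none
// of the first 80. With trust proxy on, each client gets its own 100.
const demo = {
  withoutTrustProxy: simulate(false, 80),
  withTrustProxy: simulate(true, 80),
};
console.log(demo);
```

The injected clock is what makes the window boundary observable: after `windowMs` has elapsed a key's bucket is discarded and counting starts again, which is the same fixed-window behaviour the `windowMs`/`max` pair in the hunk configures.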
No description provided.