juice-shop

1
/*
2
 * Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
3
 * SPDX-License-Identifier: MIT
4
 */
5

6
import path = require('path')
7
import { type Request, type Response, type NextFunction } from 'express'
8

9
module.exports = function serveQuarantineFiles () {
10
  return ({ params, query }: Request, res: Response, next: NextFunction) => {
11
    const file = params.file
12

13
    if (!file.includes('/')) {
14
      res.sendFile(path.resolve('ftp/quarantine/', file))
15
    } else {
16
      res.status(403)
17
      next(new Error('File names cannot contain forward slashes!'))
18
    }
19
  }
20
}
21