Skip to content

Instantly share code, notes, and snippets.

Created July 17, 2017 10:15
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
WARNING: Example of nodejs app with directory traversal attack
var restify = require('restify');
var fs = require('fs');
var restifyPlugins = require('restify-plugins');
var server = restify.createServer();
server.listen(process.env.port || process.env.PORT || 3978, function () {
console.log('%s listening to %s',, server.url);
//Do some initialization here ....
// Get data from storage or cache etc
isServerReady = true;
server.get("/termsandconditions", function(req, res, next){
let name = req.query.version;
let fileContent = fs.readFileSync('termsandconditions/' + name).toString()
res.send(200, fileContent);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment