const formidable = require("formidable");
const path = require("path");
// Accepted upload size window, in bytes (inclusive bounds).
const smallest = 100;
const largest = 1e7; // 10,000,000 bytes

// Blocklists applied to the client-supplied filename extension and to the
// Content-Type the client declares for the multipart part. A blocklist only
// names what someone thought of; an allowlist of the types the application
// actually needs is the stronger shape for a new deployment.
const bannedExtensions = [
  ".js",
  ".html",
  ".txt",
  ".exe",
  ".rtf",
  ".vbs",
  ".zip",
];

const bannedMimeTypes = [
  "text/plain",
  "text/html",
  "text/css",
  "text/javascript",
  "text/markdown",
  "application/x-javascript",
  "application/javascript",
  "application/octet-stream",
];
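// POST /upload: accept a single multipart file under the field name "upload"
// and answer 200 (accepted), 400 (rejected by the size/type rules) or 500
// (the body could not be parsed). The file itself is left where formidable
// stored it; nothing here moves or deletes it.
app.post("/upload", (req, res) => {
  // maxFileSize makes formidable abort once `largest` bytes of file data have
  // arrived, so an oversized body is refused while streaming instead of being
  // written in full to the temp directory first (the later `size > largest`
  // check on its own only runs after the whole upload is already on disk).
  const form = new formidable.IncomingForm({ maxFileSize: largest });

  form.parse(req, (err, fields, files) => {
    if (err) {
      // formidable reports the size cap with httpCode 413; keep answering 400
      // for that case so the response contract for oversized files is
      // unchanged. Any other parse failure stays a 500.
      const status = err.httpCode === 413 ? 400 : 500;
      res.status(status).end();
      return;
    }

    // Reject requests that carry no "upload" part, or a part without a
    // filename, instead of letting the destructuring / path.extname call throw
    // inside this callback (a throw here is not routed to Express error
    // handling and takes the process down).
    const file = files.upload;
    if (!file || typeof file.originalFilename !== "string") {
      res.status(400).end();
      return;
    }

    const { mimetype, size, originalFilename } = file;

    // Compare case-insensitively: path.extname preserves case, so ".EXE" or
    // ".Js" would otherwise slip past an all-lower-case blocklist.
    const ext = path.extname(originalFilename).toLowerCase();

    // NOTE: `mimetype` is whatever the client put in the part's Content-Type
    // header and `originalFilename` is client-chosen as well, so both lists
    // are a first filter rather than an authoritative type check; inspect the
    // file content if the real type matters downstream.
    const isRejected =
      bannedMimeTypes.includes(mimetype) ||
      bannedExtensions.includes(ext) ||
      size < smallest ||
      size > largest;

    res.status(isRejected ? 400 : 200).end();
  });
});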