fix: try to fix some codeql errors

Signed-off-by: Andrew Calcutt <acalcutt@techidiots.net>
2024-04-20 23:50:16 -04:00 · 2024-04-20 23:50:16 -04:00 · bae0d10799
commit bae0d10799
parent c08f8844f1
2 changed files with 25 additions and 18 deletions
--- a/src/serve_rendered.js
+++ b/src/serve_rendered.js
@ -46,7 +46,7 @@ import { renderOverlay, renderWatermark, renderAttribution } from './render.js';
 const FLOAT_PATTERN = '[+-]?(?:\\d+|\\d+.?\\d+)';
 const PATH_PATTERN =
  /^((fill|stroke|width)\:[^\|]+\|)*(enc:.+|-?\d+(\.\d*)?,-?\d+(\.\d*)?(\|-?\d+(\.\d*)?,-?\d+(\.\d*)?)+)/;
-const httpTester = /^(http(s)?:)?\/\//;
+const httpTester = /^https?:\/\//i;
 const mercator = new SphericalMercator();
 const getScale = (scale) => (scale || '@1x').slice(1, 2) | 0;
--- a/src/serve_style.js
+++ b/src/serve_style.js
@ -9,7 +9,7 @@ import { validateStyleMin } from '@maplibre/maplibre-gl-style-spec';
 import { getPublicUrl } from './utils.js';
-const httpTester = /^(http(s)?:)?\/\//;
+const httpTester = /^https?:\/\//i;
 const fixUrl = (req, url, publicUrl) => {
  if (!url || typeof url !== 'string' || url.indexOf('local://') !== 0) {
@ -59,8 +59,10 @@ export const serve_style = {
    app.get(
      '/:id/sprite(/:name)?:scale(@[23]x)?.:format([\\w]+)',
      (req, res, next) => {
        const name = req.params.name || 'sprite';
        const scale = req.params.scale || '';
        const format = req.params.format;
        const item = repo[req.params.id];
        const spriteName = req.params.name || 'sprite';
        if (!item || !item.spritePaths) {
          return res.sendStatus(404);
@ -68,7 +70,7 @@ export const serve_style = {
        let spritePath;
        for (const sprite of item.spritePaths) {
-          if (sprite.name === spriteName) {
+          if (sprite.name === name) {
            spritePath = sprite.path;
          }
        }
@ -77,9 +79,13 @@ export const serve_style = {
          return res.sendStatus(404);
        }
-        const scale = req.params.scale;
+        const filename = `${spritePath + scale}.${format}`;
-        const format = req.params.format;
+        if (format !== 'png' && format !== 'json') {
-        const filename = `${spritePath + (scale || '')}.${format}`;
+          return res
            .sendStatus(400)
            .send('Invalid format. Please use png or json.');
        } else {
          // eslint-disable-next-line security/detect-non-literal-fs-filename
          return fs.readFile(filename, (err, data) => {
            if (err) {
              console.log('Sprite load error:', filename);
@ -91,6 +97,7 @@ export const serve_style = {
              return res.send(data);
            }
          });
        }
      },
    );