fix: try to fix some codeql errors

Signed-off-by: Andrew Calcutt <acalcutt@techidiots.net>
Andrew Calcutt 2024-04-20 23:50:16 -04:00 committed by acalcutt
parent c08f8844f1
commit bae0d10799
2 changed files with 25 additions and 18 deletions


@ -46,7 +46,7 @@ import { renderOverlay, renderWatermark, renderAttribution } from './render.js';
const FLOAT_PATTERN = '[+-]?(?:\\d+|\\d+.?\\d+)'; const FLOAT_PATTERN = '[+-]?(?:\\d+|\\d+.?\\d+)';
const PATH_PATTERN = const PATH_PATTERN =
/^((fill|stroke|width)\:[^\|]+\|)*(enc:.+|-?\d+(\.\d*)?,-?\d+(\.\d*)?(\|-?\d+(\.\d*)?,-?\d+(\.\d*)?)+)/; /^((fill|stroke|width)\:[^\|]+\|)*(enc:.+|-?\d+(\.\d*)?,-?\d+(\.\d*)?(\|-?\d+(\.\d*)?,-?\d+(\.\d*)?)+)/;
const httpTester = /^(http(s)?:)?\/\//; const httpTester = /^https?:\/\//i;
const mercator = new SphericalMercator(); const mercator = new SphericalMercator();
const getScale = (scale) => (scale || '@1x').slice(1, 2) | 0; const getScale = (scale) => (scale || '@1x').slice(1, 2) | 0;
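Review bot: The new `httpTester` pattern `/^https?:\/\//i` no longer matches protocol-relative URLs such as `//host/path`, which the old optional `(http(s)?:)?` prefix accepted. The code that uses `httpTester` to choose between remote and local sources is outside this hunk, so confirm that such inputs now take the intended branch instead of being treated as local paths. A comment on the constant would record the intent, for example `// Absolute http(s) URLs only; protocol-relative '//host' is deliberately not treated as remote.` The same constant is redefined identically in the second file of this commit, so exporting it from one module would keep the two from drifting.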


@ -9,7 +9,7 @@ import { validateStyleMin } from '@maplibre/maplibre-gl-style-spec';
import { getPublicUrl } from './utils.js'; import { getPublicUrl } from './utils.js';
const httpTester = /^(http(s)?:)?\/\//; const httpTester = /^https?:\/\//i;
const fixUrl = (req, url, publicUrl) => { const fixUrl = (req, url, publicUrl) => {
if (!url || typeof url !== 'string' || url.indexOf('local://') !== 0) { if (!url || typeof url !== 'string' || url.indexOf('local://') !== 0) {
@ -59,8 +59,10 @@ export const serve_style = {
app.get( app.get(
'/:id/sprite(/:name)?:scale(@[23]x)?.:format([\\w]+)', '/:id/sprite(/:name)?:scale(@[23]x)?.:format([\\w]+)',
(req, res, next) => { (req, res, next) => {
const name = req.params.name || 'sprite';
const scale = req.params.scale || '';
const format = req.params.format;
const item = repo[req.params.id]; const item = repo[req.params.id];
const spriteName = req.params.name || 'sprite';
if (!item || !item.spritePaths) { if (!item || !item.spritePaths) {
return res.sendStatus(404); return res.sendStatus(404);
@ -68,7 +70,7 @@ export const serve_style = {
let spritePath; let spritePath;
for (const sprite of item.spritePaths) { for (const sprite of item.spritePaths) {
if (sprite.name === spriteName) { if (sprite.name === name) {
spritePath = sprite.path; spritePath = sprite.path;
} }
} }
@ -77,20 +79,25 @@ export const serve_style = {
return res.sendStatus(404); return res.sendStatus(404);
} }
const scale = req.params.scale; const filename = `${spritePath + scale}.${format}`;
const format = req.params.format; if (format !== 'png' && format !== 'json') {
const filename = `${spritePath + (scale || '')}.${format}`; return res
return fs.readFile(filename, (err, data) => { .sendStatus(400)
if (err) { .send('Invalid format. Please use png or json.');
console.log('Sprite load error:', filename); } else {
return res.sendStatus(404); // eslint-disable-next-line security/detect-non-literal-fs-filename
} else { return fs.readFile(filename, (err, data) => {
if (format === 'json') if (err) {
res.header('Content-type', 'application/json'); console.log('Sprite load error:', filename);
if (format === 'png') res.header('Content-type', 'image/png'); return res.sendStatus(404);
return res.send(data); } else {
} if (format === 'json')
}); res.header('Content-type', 'application/json');
if (format === 'png') res.header('Content-type', 'image/png');
return res.send(data);
}
});
}
}, },
); );
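Review bot: `res.sendStatus(400).send('Invalid format. Please use png or json.')` in the new format check writes the response twice. `sendStatus` already sets the status and sends a body, so the chained `.send()` runs on a finished response and Express raises a headers-already-sent error instead of delivering the message. Use `return res.status(400).send('Invalid format. Please use png or json.');`. The check would also sit better above the line that builds `filename`, so no path is assembled from a rejected `format`. The eslint-disable line deserves a reason, such as `// spritePath comes from the configured item.spritePaths; scale is limited by the route pattern and format by the check above`; the handler itself starts before this hunk.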