Fix security issue (#61)

[arpit2297]

Added a method to check for malicious inputs

Issue: #61

Added a test to check for malicious input to test the sanitize_path function

[DEGoodmanWilson]

Aw, this is great, thank you! Would you mind adding some testing around this as well?

[DEGoodmanWilson]

Also, it looks like your changes are causing tests to fail 😢

[arpit2297]

I'm not able to get the build setup. I'm running the server on a docker container using the following commands:

docker build -t awesomesauce .
docker run -p 8080:80 awesomesauce

which tells me that the server is running on port 80, with localhost (0.0.0.0) forwarding connections from port 8080 to 80 on the server. When I try

curl -v http://localhost:8080/static/main.cpp

I get no response from the server.

*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8080 (#0)
> GET /static/main.cpp HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.54.0
> Accept: */*
> 
* Empty reply from server
* Connection #0 to host localhost left intact
curl: (52) Empty reply from server

[DEGoodmanWilson]

That was a mistake in the documentation! I have updated the Dockerfile so that the documentation is correct ;) Take a look at the latest commits on master

The biggest change is that the correct command is in fact
docker run -p 8080:8080 awesomesauce

[DEGoodmanWilson]

Sorry, small favor to ask because I changed something in the way that the branches are organized. Would you mind rebasing from DEGoodmanWilson:master?

[DEGoodmanWilson]

This is looking really great, thank you for your hard work! I found a place where we can optimize the reconstruction of the sanitized path from the stack—see the review details. Also—and this is absolutely my fault—can you rebase from DEGoodmanWilson:master? I'm reorganizing how the branches work, and trying to return to a mode where mainline development is performed on master, rather than starting from the last release.

[DEGoodmanWilson]

From line 103 forward, we can simplify:

    // Build final path from stack
    while (not stk.empty())
    {
        final_path = stk.top()+delimeter+final_path;
        stk.pop();
    }

    // remove trailing '/'
    final_path.pop_back();

    return final_path;

[arpit2297]

Made the changes, and also rebased from your master branch as well. Let me know if its good to merge in! :)

[DEGoodmanWilson]

Thanks again for being so patient with this review. I'm really excited that you've chipped in! I've left a comment on your latest revisions, which are quite thoughtful. But I'm going to approve the PR because a) you've written the key tests and b) they pass. Everything else is icing at this point, so if you want to address the remaining comment, feel free, otherwise I will merge this in tomorrow.

[arpit2297]

Please merge whenever you wish to! :) Thanks for the support with this issue!