Fabio/tileserver-gl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

codeql for sprite logging

Browse source
This commit is contained in:
acalcutt 2025-01-03 23:28:28 -05:00
parent 5f85802aed
commit b825c9a21b
1 changed files with 31 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

43
src/serve_style.js
View file

@ -102,37 +102,52 @@ export const serve_style = {
const { spriteID = 'default', id, format, scale } = req.params; const { spriteID = 'default', id, format, scale } = req.params;
if (verbose) { if (verbose) {
console.log( console.log(
`Handling sprite request for: /styles/${id}/sprite/${spriteID}${scale ? scale : ''}${format ? '.' + format : ''}`, `Handling sprite request for: /styles/%s/sprite/%s%s%s`,
id,
spriteID,
scale ? scale : '',
format ? '.' + format : '',
); );
} }
const item = repo[id]; const item = repo[id];
const spriteScale = allowedSpriteScales(scale); const validatedFormat = allowedSpriteFormats(format);
if (!item || !allowedSpriteFormats(format) || spriteScale === null) { if (!item || !validatedFormat) {
if (verbose) if (verbose)
console.error( console.error(
`Sprite item, format, or scale not found for: /styles/${id}/sprite/${spriteID}${scale ? scale : ''}${format ? '.' + format : ''}`, `Sprite item, format, or scale not found for: /styles/%s/sprite/%s%s%s`,
id,
spriteID,
scale ? scale : '',
format ? '.' + format : '',
); );
return res.sendStatus(404); return res.sendStatus(404);
} }
const spriteScale = allowedSpriteScales(scale);
const sprite = item.spritePaths.find((sprite) => sprite.id === spriteID); const sprite = item.spritePaths.find((sprite) => sprite.id === spriteID);
if (!sprite) { if (!sprite || spriteScale === null) {
if (verbose) if (verbose)
console.error( console.error(
`Sprite not found for: /styles/${id}/sprite/${spriteID}${scale ? scale : ''}${format ? '.' + format : ''}`, `Sprite not found for: /styles/%s/sprite/%s%s%s`,
id,
spriteID,
scale ? scale : '',
format ? '.' + format : '',
); );
return res.status(400).send('Bad Sprite ID or Scale'); return res.status(400).send('Bad Sprite ID or Scale');
} }
const filename = `${sprite.path}${spriteScale}.${format}`; const filename = `${sprite.path}${spriteScale}.${validatedFormat}`;
if (verbose) console.log(`Loading sprite from: ${filename}`); if (verbose) console.log(`Loading sprite from: %s`, filename);
// eslint-disable-next-line security/detect-non-literal-fs-filename // eslint-disable-next-line security/detect-non-literal-fs-filename
fs.readFile(filename, (err, data) => { fs.readFile(filename, (err, data) => {
if (err) { if (err) {
if (verbose) if (verbose)
console.error('Sprite load error: %s, Error: %s', filename, err); console.error(
'Sprite load error: %s, Error: %s',
filename,
String(err),
);
return res.sendStatus(404); return res.sendStatus(404);
} }
@ -143,7 +158,11 @@ export const serve_style = {
} }
if (verbose) if (verbose)
console.log( console.log(
`Responding with sprite data for /styles/${id}/sprite/${spriteID}${scale ? scale : ''}${format ? '.' + format : ''}`, `Responding with sprite data for /styles/%s/sprite/%s%s%s`,
id,
spriteID,
scale ? scale : '',
format ? '.' + format : '',
); );
return res.send(data); return res.send(data);
}); });