I have my script all ready for my server except a variable is not loading on the server because it seems the file system doesn't interpret the path in the same way on the server (Ubuntu 14.04 x64 vmlinuz-3.13.0-57-generic). When I test my server locally on OS X 10.11.1 it all works fine but on the server the file cannot be found.
var jsonHourlyFile = './data/jsonHourly.json';
console.log(jsonHourlyFile);
console.log(fs.existsSync(jsonHourlyFile));
if (fs.existsSync(jsonHourlyFile)) { //Why was this in the function in the first place...?
console.log("loaded JsonHourlyFile")
var jsonHourly = jsonfile.readFileSync(jsonHourlyFile);
} else {
var jsonHourly = JSON;
console.log("jsonHourlyFile not found!")
}
This Returns true on my computer and false on the server. I've copied all the file correctly to the server using FileZilla and can confirm they are there.
I suspect it has to do with the file path. Though I thought that using ./ will always point to the right map. Who could elaborate on this?
I must comment on your last sentence :
"Though I thought that using ./ will always point to the right map."
This is not true. What ./ means, is "in this directory", i.e. where the script is executed.
On you local machine, you say your script is executed in /Users/me/WebstormProjects/WebTest, which means that your JSON file should be located in /Users/me/WebstormProjects/WebTest/data/. We know this is true since the script works on your machine.
Now, on the server, you say the script is executed in /root/WebTest/bin. So unless there is a data/ folder in that particular directory, which contains your JSON file (who's path would therefore be /root/WebTest/bin/data/jsonHourly.json), your program will not execute as expected.
There are many ways to solve this, I couldn't tell which one is the best. You just need to make sure that your local machine and the server have the correct paths to the file, which can be very different considering both Operating Systems aren't the same.
More about paths on Wikipedia.
Related
I've been following this Suave tutorial:
https://legacy.gitbook.com/book/theimowski/suave-music-store/details
And in general this looks good. However, I was trying to make it work with Linux and for some reason I was unable to compile it with code when TargetFramework was set to "net461" (Target Framework not found), so I tried changing it to "netcoreapp2.0". It compiled, but I hit a problem later on:
https://theimowski.gitbooks.io/suave-music-store/content/en/css.html
At the end it says to add a WebPart:
pathRegex "(.*)\.(css|png)" >=> Files.browseHome
which fails for me. All compiles, but I get
This page isn’t working
localhost didn’t send any data.
I took a look at Suave's source code and it turned out that "Files.browseHome" searches for a file under "ctx.runtime.homeDirectory".
I noticed that this is set on my machine to:
/home/<my_user_name>/.nuget/packages/suave/2.2.1/lib/netstandard1.6
and obviously, that's not my project directory, so no wonder it couldn't find the file.
My question here is: what shall I do in order to make my Suave app handle my css/png files correctly using Files.browseHome ?
EDIT:
Just found out that replacing the WebPart with:
pathRegex "(.*)\.(css|png)" >=> Files.browse "/home/<my_username>/<path_to_my_project>/bin/Debug/netcoreapp2.0/"
works fine, but it looks ugly. Any idea how to make it better ? Basically I don't want to be forced to hardcode the absolute path anywhere.
I think the answer is to be found in https://suave.io/files.html, which suggests creating a config as follows:
let config =
{ defaultConfig with homeFolder = Some (Path.GetFullPath "./public") }
The path returned by Path.GetFullPath will depend on the current working directory that your app sees when it's started (which will, in turn, depend on how you start the app: from the command line, from a systemd unit file, etc.) There are too many possible variables here for me to be able to give you exact instructions, but if your startup method can cd into an appropriate folder before starting your Suave server, then that should solve your problem.
If you run into difficulties with getting the current working directory set correctly, then you could just hardcode the full path in the config:
let config =
{ defaultConfig with homeFolder = Some "/home/<your_username>/<path_to_your_project>/bin/Debug/netcoreapp2.0/" }
But that's kind of ugly, and not really portable (you'd have to modify that path again once you deploy the app). So I'd recommend the approach of making sure your start script does a cd to the right location, then using Path.GetFullPath with a relative path. Alternately, you could have a config file that gets read in at app startup where you specify the home path, or pass it in as an environment variable... All kinds of possibilities. Just make sure that your code can be handed some information on startup that specifies the correct "home" folder, and then put that in your Suave config as I've shown, and that should solve it.
After I uploaded my Typo3-Website onto a linux server and tryed to call the homepage, I get the error: "Could not load layout file. Tried following paths: "/Main.html", "/Main" "
I checked the correct spelling (uppercase) of my layout file: It seems to be correct and in the right place. Any ideas?
Thanks a lot. I have checked the file paths and noticed I had to delete the two slashes after the equal signs.
This works on a windows platform:
partialRootPath = /fileadmin/Private/Partials/
layoutRootPath = /fileadmin/Private/Layouts
But on a linux server it has to look this way:
partialRootPath = fileadmin/Private/Partials/
layoutRootPath = fileadmin/Private/Layouts
You seem to be using TYPO3 before 7 and the StandaloneView. In this case, identify in your code where you use this view and check the calls to setTemplatePathAndFilename or the templateRootPath. You are probably having an issue with the root path being set to something that does not exist.
This might be a situation of incompatible cAsiNg of the directory name. This is especially possible if you are testing locally on MacOS (case insensitive) and then uploading to Linux (case sensitive).
If this does not help, please provide us with more information about your scenario (code, settings, environment where it works, etc).
I've been going slightly crazy trying to figure this out. I have some certs that I need to pass through to an authentication client from my api; however, the application continues to throw ENOENT exceptions even though the file clearly exists within the same directory (I've fiddled with this to make sure). I'm using readFileSync, effectively doing the following:
key: fs.readFileSync('./privateKey.pem'),
Strangely, if I run this on a standalone Node server not as a part of an api, the file is able to be found without a problem. Is there some consideration I'm not aware of when trying to use readFileSync in such a scenario?
Thanks!
In node you need to be very careful with relative file paths. The only place where I'd ever really use them is in require('./_____') statements, where ./ to mean "relative to this file". However, require is kind of a special case because it is a function that node automatically creates per-file, so it knows the path of the current file.
In general, standard functions have no way of knowing the directory containing the script that happened to call a function, so in almost all cases, ./ means relative to the current working directory (the directory you were in when you ran node <scriptname>.js). The only time that is not the case is if your script or a module you use explicitly calls process.chdir to set the working directory to something else. The correct way to reference files relative to the current script file is to explicitly use an absolute path by using __dirname + '/file.js'.
I am currently using RStudio-server on Linux redhat. One nice feature of RStudio-server is that I can export from the server to my Windows desktop. Does anyone know the code behind the export drop-down?
The export function can be found via the Files tab:
(More >> Export...)
I would like use code to automate the exporting of objects. I figured I should be able to perform this export using the system function, but I am having trouble.
Thanks for any help.
I think this post might help you,
Spacedman explains that you can trigger the export by the use of the R function "browseURL", with the URL parameter replaced by the ftp path to the file.
If you absolutely want to trigger this export with a system command, perhaps you could create an R script taking as parameter the file to export and launch that script with the system() function =) Although I can't see clearly the advantages of such a process.
[edit] : After having tried it today, I realise my answer wasn't complete :
If you try the function browseURL on files such as "whateverRscript.r", it will display it in a tab of your browser, rather than trigger the download.
In order to actually make your browser download this kind of file, maybe you can zip it first.
To complete the automation process, just change the parameters of your browser such that it won't "ask everytimes where to stock the downloaded files"
This is what worked for me: run it on Server side. Working browser is required (I used Chrome)
my_data_file_name <- "data.RData"
# set file name
save(Data, file=my_data_file_name)
# save data to file
current_dir <- getwd()
# capture current working directory on server
my_export_file_path <- paste0(current_dir, '/', my_data_file_name)
# create a path for file to export
browseURL(my_export_file_path)
# export to local disk using browser's capabilities
I have a Java Web App running on Tomcat on which I'm supposed to exploit Path traversal vulnerability. There is a section (in the App) at which I can upload a .zip file, which gets extracted in the server's /tmp directory. The content of the .zip file is not being checked, so basically I could put anything in it. I tried putting a .jsp file in it and it extracts perfectly. My problem is that I don't know how to reach this file as a "normal" user from browser. I tried entering ../../../tmp/somepage.jsp in the address bar, but Tomcat just strips the ../ and gives me http://localhost:8080/tmp/ resource not available.
Ideal would be if I could somehow encode ../ in the path of somepage.jsp so that it gets extracted in the web riot directory of the Web App. Is this possible? Are there maybe any escape sequences that would translate to ../ after extracting?
Any ideas would be highly appreciated.
Note: This is a school project in a Security course where I'm supposed to locate vulnerabilities and correct them. Not trying to harm anyone...
Sorry about the downvotes. Security is very important, and should be taught.
Do you pass in the file name to be used?
The check that the server does is probably something something like If location starts with "/tmp" then allow it. So what you want to do is pass `/tmp/../home/webapp/"?
Another idea would be to see if you could craft a zip file that would result in the contents being moved up - like if you set "../" in the filename inside the zip, what would happen? You might need to manually modify things if your zip tools don't allow it.
To protect against this kind of vulnerability you are looking for something like this:
String somedirectory = "c:/fixed_directory/";
String file = request.getParameter("file");
if(file.indexOf(".")>-1)
{
//if it contains a ., disallow
out.print("stop trying to hack");
return;
}
else
{
//load specified file and print to screen
loadfile(somedirectory+file+".txt");
///.....
}
If you just were to pass the variable "file" to your loadfile function without checking, then someone could make a link to load any file they want. See https://www.owasp.org/index.php/Path_Traversal