fix(codeQL): Patched code

src/endpoints/file.ts

@@ -1,14 +1,18 @@
 import { Application, Request, Response } from "express";
 import { apiMessage, errorMessage } from "../logger";
 import { existsSync } from "fs";
-import { join } from "path";
+import { resolve } from "path";
 
 export default (app: Application) => {
   app.get("/:name", async (req: Request, res: Response) => {
     try {
       const fileName = req.params.name;
       apiMessage(req.path, `User is trying to get a file - ${fileName}`);
-      const filePath = join(__dirname, "../", "files", fileName);
+      const fileNamePattern = /^[a-zA-Z0-9_-]+$/;
+      if (!fileNamePattern.test(fileName)) {
+        return res.status(400).json({ error: "Invalid file name" });
+      }
+      const filePath = resolve(__dirname, "../", "files", fileName);
       if (!existsSync(filePath)) {
         errorMessage(`File ${fileName} not found`);
         return res

src/endpoints/save.ts

@@ -26,6 +26,10 @@ export default (app: Application) => {
       }
 
       const fileName = req.params.name;
+      const fileNamePattern = /^[a-zA-Z0-9_-]+$/;
+      if (!fileNamePattern.test(fileName)) {
+        return res.status(400).json({ error: "Invalid file name" });
+      }
       const filePath = join(__dirname, "../", "files", fileName);
       if (existsSync(filePath)) {
         errorMessage(`File ${fileName} already exists`);