4.1.0 data leak, server, variant 2

September 18, 2015

var http = require('http'); var fs = require('fs');

/**
 * Stand-in for application code that consumes a collected request body.
 *
 * The payload itself is never inspected; the function only hands the
 * continuation to a timer, so the caller's response is sent asynchronously.
 *
 * @param {*} data - Request body supplied by the caller (unused here).
 * @param {Function} c - Continuation passed to setTimeout, run after 100 ms.
 */
function doSomethingWithData(data, c) {
  var delayMs = 100;
  setTimeout(c, delayMs);
}

// Demonstration server for the "4.1.0 data leak" named in the page title.
// Three endpoints cooperate to show the problem:
//   /file1    - buffers the request body; with an empty body this ends in
//               Buffer.concat([]), so a zero-length Buffer is created.
//   /stuff/*  - accepts and discards arbitrary request data.
//   /token/*  - returns a 1000-byte typed array that is written only on the
//               "valid" path and is otherwise assumed to be all zeroes.
// NOTE(review): the leak presumably comes from the affected runtime handing
// back a typed array that was not zero-filled after the zero-length Buffer
// was created - confirm against the Node.js release notes for the fix.
// `var` and function expressions are kept so the listing still runs on the
// runtime version it targets.
http.createServer(function onRequest(req, res) {
  var target = req.url;

  // Endpoint 1: collects the request body. It stands in for reading an empty
  // file and touches no files itself.
  if (target === '/file1') {
    var parts = [];
    req.on('data', function onChunk(chunk) {
      // Each chunk arrives as a Buffer.
      parts.push(chunk);
    });
    req.on('end', function onBodyEnd() {
      // The usual way to assemble a body; when nothing was sent, `parts` is
      // still empty here and the result is a zero-length Buffer.
      var body = Buffer.concat(parts);
      doSomethingWithData(body, function finish() {
        res.end();
      });
    });
    return;
  }

  // Endpoint 2: receives data and throws it away. Whatever clients send here
  // is request data that has passed through process memory.
  if (/^\/stuff\//.test(target)) {
    req.on('data', function discard(chunk) {});
    req.on('end', function onDrained() {
      res.end();
    });
    return;
  }

  // Endpoint 3: returns a "token".
  if (/^\/token\//.test(target)) {
    var bytes = new Uint8Array(1000);
    var isInvalid = target === '/token/invalid';
    if (!isInvalid) {
      // Valid requests overwrite every byte before anything is sent.
      bytes.fill(42);
    }
    // The invalid path writes nothing and trusts the allocation to be zeroed.
    // That trust is the weak point: if the runtime returns memory that was
    // not cleared, the response carries whatever those bytes held before.
    // Defensive rule: write every byte on every branch before sending (an
    // explicit fill(0) here) and run a runtime release that contains the fix.
    // Detection: a /token/invalid response containing anything other than
    // zeroes indicates the affected behaviour.
    res.write(bytes.toString()); // comma-separated decimal byte values
    res.end();
    return;
  }

  // Any other URL gets an empty response.
  res.end();
}).listen(7777);