fix all vulnerabilities in the production code (#817)

Signed-off-by: Denis barbaron <denis.barbaron@orange.com>

lib/units/storage/temp.js

@@ -8,7 +8,6 @@ var path = require('path')
 var crypto = require('crypto')
 
 var express = require('express')
-var validator = require('express-validator')
 var bodyParser = require('body-parser')
 var formidable = require('formidable')
 var Promise = require('bluebird')
@@ -30,7 +29,6 @@ module.exports = function(options) {
   app.set('trust proxy', true)
 
   app.use(bodyParser.json())
-  app.use(validator())
 
   app.disable('x-powered-by')
 
@@ -38,10 +36,8 @@ module.exports = function(options) {
     log.info('Cleaning up inactive resource "%s"', id)
   })
 
-  app.post('/s/download/:plugin', function(req, res) {
-    requtil.validate(req, function() {
-        req.checkBody('url').notEmpty()
-      })
+  app.post('/s/download/:plugin', requtil.validators.tempUrlValidator, function(req, res) {
+    requtil.validate(req)
       .then(function() {
         return download(req.body.url, {
           dir: options.cacheDir