
@equinor/fusion-framework-cli


Command-line toolkit for developing, building, and publishing Fusion Framework applications and portal templates. Provides a unified developer experience from local development to production deployment.

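import { resolve } from 'node:path';
import { rmSync } from 'node:fs';
import isPathInside from 'is-path-inside';

/**
 * Validates that a target path is safe for file system operations.
 *
 * Resolves `targetPath` to an absolute path and, when `baseDir` is given,
 * uses the `is-path-inside` library to reject any target that does not
 * resolve to a location inside `baseDir`.
 *
 * Security notes:
 * - Without `baseDir` no containment check is performed; the only thing
 *   enforced is that `targetPath` is a non-empty string. Callers handling
 *   untrusted input must pass `baseDir`.
 * - The check is lexical. `resolve()` normalizes `.` and `..` segments but
 *   does not resolve symbolic links, and `is-path-inside` compares the path
 *   strings, so a symlinked directory below `baseDir` can still point
 *   outside it. Resolve real paths first if symlinks are a concern.
 * - `is-path-inside` does not treat a directory as being inside itself, so a
 *   target equal to `baseDir` is rejected as well.
 * - A `baseDir` that is provided but is not a non-empty string is rejected
 *   instead of silently disabling the containment check.
 *
 * @param targetPath - The path to validate
 * @param baseDir - The base directory that the target path should be within (optional)
 * @returns The resolved, validated path
 * @throws {Error} If the path is invalid or potentially dangerous
 *
 * @example
 * ```typescript
 * // Validate a user-provided path within a specific directory
 * const safePath = validateSafePath(userInput, '/path/to/base/directory');
 *
 * // Resolve a path without base directory constraint (no containment check)
 * const safePath = validateSafePath('/tmp/safe-directory');
 * ```
 */
export function validateSafePath(targetPath, baseDir) {
  if (typeof targetPath !== 'string' || targetPath.trim() === '') {
    throw new Error('Target path must be a non-empty string');
  }

  // Lexical normalization only: relative input is resolved against the
  // current working directory and symlinks are left untouched.
  const resolvedPath = resolve(targetPath);

  // Only an omitted baseDir (undefined/null) means "no constraint". An empty
  // or non-string value must not fall through to the unchecked path, because
  // that would turn a misconfigured caller into a fail-open validation.
  if (baseDir !== undefined && baseDir !== null) {
    if (typeof baseDir !== 'string' || baseDir.trim() === '') {
      throw new Error('Base directory must be a non-empty string when provided');
    }

    const resolvedBaseDir = resolve(baseDir);
    if (!isPathInside(resolvedPath, resolvedBaseDir)) {
      throw new Error('The target path must be within the specified base directory. Please specify a relative path or ensure the absolute path is within the base directory.');
    }
  }

  return resolvedPath;
}

/**
 * Removes a file or directory after validating the target path.
 *
 * The path is passed through `validateSafePath` before `rmSync` is called,
 * which prevents accidental deletion of unintended directories only to the
 * extent that `baseDir` is supplied: without it, any non-empty path is
 * accepted and removed. The validation is lexical and happens before the
 * removal, so it does not account for symbolic links in the path or for the
 * file system changing between the check and the `rmSync` call.
 *
 * @param targetPath - The path to remove
 * @param options - rmSync options
 * @param baseDir - Optional base directory constraint
 * @throws {Error} If path validation fails or removal operation fails
 */
export function safeRmSync(targetPath, options, baseDir) {
  // Validate first; rmSync only ever sees the resolved, checked path.
  const safePath = validateSafePath(targetPath, baseDir);
  rmSync(safePath, options);
}
//# sourceMappingURL=path-security.js.map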