
@minecraft/creator-tools


Minecraft Creator Tools command line and libraries.

/**
 * Security utilities for input validation and sanitization.
 *
 * This is a declaration-only listing: no method body is shown, and of the
 * constants only MAX_ZIP_FILES has a visible value. The exact rules each
 * helper enforces must be confirmed against the implementation before it is
 * relied on as a security control.
 */
export default class SecurityUtilities {
  /**
   * Upper bound for an upload's size. Neither the value nor the unit is
   * visible in this declaration (presumably bytes; confirm).
   */
  static readonly MAX_UPLOAD_SIZE: number;
  /**
   * Per its name, the cap on the number of files accepted from one zip
   * archive. Where it is enforced is not visible here.
   */
  static readonly MAX_ZIP_FILES = 50000;
  /**
   * Per its name, a cap on decompressed size (presumably the total across an
   * archive, as a guard against decompression bombs; confirm). Value and unit
   * are not visible in this declaration.
   */
  static readonly MAX_DECOMPRESSED_SIZE: number;
  // Bookkeeping for checkAuthRateLimit / resetAuthRateLimit. The types and
  // values are stripped from this declaration. The state is static, so it is
  // shared by every caller of this class within one loaded module.
  // NOTE(review): presumably in-memory only, in which case the limit is not
  // shared across processes and is lost on restart; confirm.
  private static readonly authAttempts;
  private static readonly MAX_AUTH_ATTEMPTS;
  private static readonly AUTH_WINDOW_MS;
  /**
   * Validates that a path doesn't contain directory traversal sequences.
   *
   * @param path - Path string to check.
   * @returns A boolean verdict; which sequences and encodings are rejected is
   * not visible in this declaration.
   */
  static validatePath(path: string): boolean;
  /**
   * Validates that a path doesn't contain directory traversal sequences.
   * Unlike validatePath, this allows leading slashes for storage-relative paths.
   *
   * NOTE(review): because leading slashes are accepted, a passing path should
   * only be resolved against the storage root and never used as an absolute
   * filesystem path; confirm at the call sites.
   */
  static validatePathTraversal(path: string): boolean;
  /**
   * Sanitizes a storage path by removing dangerous characters while preserving leading slash.
   * For use with internal storage system that expects paths like "/images/file.png".
   *
   * @returns The sanitized path string. The set of removed characters is not
   * visible in this declaration.
   */
  static sanitizeStoragePath(path: string): string;
  /**
   * Sanitizes a path by removing dangerous characters and sequences.
   *
   * NOTE(review): string-level sanitization alone does not prove that the
   * result stays inside an intended directory; callers that touch the
   * filesystem should still check the resolved path against their root.
   */
  static sanitizePath(path: string): string;
  /**
   * Validates that a file size is within acceptable limits.
   *
   * @param size - Size to check.
   * @param maxSize - Optional limit. The default used when it is omitted is
   * not visible here (presumably MAX_UPLOAD_SIZE; confirm).
   * @returns A boolean verdict. Handling of negative or NaN sizes is not
   * visible in this declaration.
   */
  static validateFileSize(size: number, maxSize?: number): boolean;
  /**
   * Sanitizes Minecraft command input to prevent injection.
   *
   * Per its name and return type this returns a string rather than a
   * pass/fail verdict; isCommandSafe is the boolean check.
   */
  static sanitizeCommand(command: string): string;
  /**
   * Validates that a command is safe to execute.
   *
   * @returns A boolean verdict. The criteria (allowlist or denylist) are not
   * visible in this declaration.
   */
  static isCommandSafe(command: string): boolean;
  /**
   * Rate limiting for authentication attempts.
   *
   * @param identifier - Key the attempts are counted under. What callers pass
   * (user name, client address, ...) is not visible here.
   * @returns A boolean; presumably true while the attempt is still allowed,
   * confirm against the implementation before branching on it.
   */
  static checkAuthRateLimit(identifier: string): boolean;
  /**
   * Reset rate limit for an identifier (on successful auth).
   */
  static resetAuthRateLimit(identifier: string): void;
  /**
   * Guards a JSON object against prototype pollution.
   *
   * Per its name and return type this returns an object rather than a verdict.
   * Which keys are dropped is not visible here (presumably `__proto__`,
   * `constructor` and `prototype`; confirm), nor is whether nested objects are
   * processed.
   *
   * NOTE(review): parameter and return are typed `any`, so callers get no
   * type checking on the result and should validate its shape themselves.
   */
  static sanitizeJsonObject(obj: any): any;
  /**
   * Sanitizes a string so it contains only safe characters for player names.
   *
   * @returns The sanitized name. The allowed character set and any length
   * limit are not visible in this declaration.
   */
  static sanitizePlayerName(name: string): string;
}
/**
 * Result of Authenticode signature verification.
 */
export interface ISignatureVerificationResult {
  /** Whether the signature is valid */
  isValid: boolean;
  /** Status string from signature verification */
  status: string;
  /** Subject (signer) of the certificate, if available */
  signer?: string;
  /** Error message if verification failed */
  error?: string;
  /**
   * Whether the signer is Microsoft/Mojang.
   *
   * Optional: treat an absent value as "not established", not as true.
   * NOTE(review): how this flag is derived is not visible here; confirm it is
   * only honoured when `isValid` is true.
   */
  isMicrosoftSigned?: boolean;
}