@nanocollective/nanocoder
A local-first CLI coding agent that brings the power of agentic coding tools like Claude Code and Gemini CLI to local models or controlled APIs like OpenRouter
/**
* Path Validation Utilities
*
* This module provides security-focused path validation functions to prevent
* directory traversal attacks and ensure file operations remain within the
* project directory.
*
* These functions are used by file manipulation tools (read_file, write_file,
* string_replace) and the file mention parser to ensure all file paths are
* safe before any file system operations are performed.
*
* Security threats mitigated:
* - Directory traversal attacks (../ or ..\)
* - Absolute path escapes (/etc/passwd, C:\Windows\System32)
* - Null byte injection (\0)
* - Path separator confusion (mixing / and \)
*/
/**
* Validates that a file path is safe and within acceptable boundaries.
*
* This function performs multiple security checks to ensure the path:
* - Is not empty
* - Does not contain directory traversal sequences (..)
* - Is not an absolute path (Unix or Windows style)
* - Does not contain null bytes (security exploit)
* - Does not start with path separators
*
* The signature takes only the path string and no base directory, so this
* is presumably a syntactic check: a `true` result does not by itself show
* that the path stays inside a given project root. Callers that go on to
* touch the file system should obtain the path from resolveFilePath()
* rather than joining a validated string themselves.
*
* NOTE(review): this declaration file does not show the implementation.
* Confirm against the source and its tests how the `..` check treats file
* names that merely contain two dots (e.g. `notes..md`), and whether
* Windows drive-relative, UNC and device path forms are rejected.
*
* @param filePath - The relative file path to validate
* @returns true if the path is valid and safe, false otherwise
*
* @example
* ```ts
* isValidFilePath('src/app.tsx') // true
* isValidFilePath('../etc/passwd') // false - directory traversal
* isValidFilePath('/etc/passwd') // false - absolute path
* isValidFilePath('C:\\Windows\\file') // false - Windows absolute path
* isValidFilePath('file\0.txt') // false - null byte injection
* ```
*/
export declare function isValidFilePath(filePath: string): boolean;
/**
* Resolves a relative file path to an absolute path and ensures it remains
* within the project directory.
*
* This function provides defense-in-depth by:
* 1. First validating the path using isValidFilePath()
* 2. Resolving the path to an absolute path
* 3. Verifying the resolved path is still within the project directory
*
* The call is synchronous: it returns the absolute path as a plain string
* or throws.
*
* NOTE(review): the implementation is not visible in this declaration file;
* the points below are things to confirm, not documented guarantees.
* - The symlink example implies that step 3 follows symbolic links. A purely
*   lexical resolution (path.resolve) does not, so the check would need the
*   real path of the target (e.g. fs.realpathSync) compared against the real
*   path of `cwd`. Also confirm the behaviour for paths that do not exist
*   yet (write_file), where only the parent directory can be resolved.
* - The containment test should compare on a path-segment boundary
*   (path.relative, or `cwd` plus a trailing separator). A bare string-prefix
*   test would accept a sibling such as `/home/user/project-old` for the
*   root `/home/user/project`.
* - The result describes the file system at the time of the call. A link
*   created or replaced between this check and the later open is not
*   covered, so callers with a stricter requirement should re-verify on the
*   opened handle.
*
* @param filePath - The relative file path to resolve
* @param cwd - The current working directory (project root); presumably
*   expected to be an absolute, trusted path - TODO confirm
* @returns The absolute path to the file
* @throws Error if the path is invalid or escapes the project directory
*
* @example
* ```ts
* resolveFilePath('src/app.tsx', '/home/user/project')
* // Returns: '/home/user/project/src/app.tsx'
*
* resolveFilePath('../etc/passwd', '/home/user/project')
* // Throws: Invalid file path: ../etc/passwd
*
* // Symlink that escapes project directory:
* resolveFilePath('symlink-to-etc', '/home/user/project')
* // Throws: File path escapes project directory
* ```
*/
export declare function resolveFilePath(filePath: string, cwd: string): string;
//# sourceMappingURL=path-validation.d.ts.map