
axiodb


The Pure JavaScript Alternative to SQLite. Embedded NoSQL database for Node.js with MongoDB-style queries, zero native dependencies, built-in InMemoryCache, and web GUI. Perfect for desktop apps, CLI tools, and embedded systems. No compilation, no platfor

/**
 * PathSanitizer - Security helper to prevent directory traversal attacks
 *
 * Provides methods to sanitize user-controlled path components and validate
 * that constructed paths remain within expected boundaries.
 *
 * This is an ambient declaration (no implementation is present here): the
 * text below is the documented contract of each method. Points marked
 * "NOTE(review)" are caveats that cannot be confirmed from the declaration
 * alone and should be checked against the implementation.
 *
 * @class PathSanitizer
 * @example
 * const safe = PathSanitizer.sanitizePathComponent('../../etc/passwd');
 * // Returns: '______etc_passwd'
 */
export default class PathSanitizer {
  /**
   * Sanitizes user input to prevent directory traversal attacks
   *
   * Removes dangerous characters that could be used for path traversal,
   * including: '../', '/', '\', null bytes, and other special characters.
   * The examples show each rejected character replaced by '_' (the six
   * characters of '../../' become six underscores); the exact replacement
   * scheme is not visible from this declaration.
   *
   * Intended for a single path component, not a whole path: the documented
   * character list includes '/' and '\', so a full path passed here would
   * have its separators rewritten as well.
   *
   * @param userInput - Potentially malicious path component
   * @returns Sanitized string safe for file paths
   * @throws Error if input is invalid or results in empty string
   *
   * @example
   * PathSanitizer.sanitizePathComponent('../../etc/passwd');
   * // Returns: '______etc_passwd'
   * // (NOTE(review): the original example used '../../../etc/passwd' with
   * // the same six-underscore result, which does not match the class-level
   * // example above; three '../' would presumably yield nine underscores.)
   *
   * PathSanitizer.sanitizePathComponent('safe-name_123');
   * // Returns: 'safe-name_123'
   */
  static sanitizePathComponent(userInput: string): string;

  /**
   * Validates that resolved path is within basePath (defense in depth)
   *
   * This provides an additional security layer by ensuring the final
   * constructed path hasn't escaped the expected base directory through
   * symlinks or other means.
   *
   * NOTE(review): whether both paths are resolved (realpath) before the
   * comparison is not visible from this declaration. A comparison on the
   * path strings alone does not detect symlink escapes, and a containment
   * check must compare against basePath followed by a path separator so
   * that a sibling directory such as '/app/data2' is not accepted as being
   * inside '/app/data' — confirm against the implementation.
   *
   * @param basePath - Expected parent directory
   * @param fullPath - Constructed path to validate
   * @throws Error if path traversal detected
   *
   * @example
   * PathSanitizer.validatePath('/app/data', '/app/data/users/123.axiodb');
   * // No error - path is within base
   *
   * PathSanitizer.validatePath('/app/data', '/etc/passwd');
   * // Throws: Security violation: Path traversal attempt detected
   */
  static validatePath(basePath: string, fullPath: string): void;

  /**
   * Safe path join with automatic sanitization and validation
   *
   * Combines base path with one or more path components after sanitizing
   * each component and validating the final path remains within the base.
   *
   * @param basePath - Base directory (trusted path). Only the components are
   *   documented as being sanitized, so basePath should not be built from
   *   untrusted input.
   * @param components - Path components to join (will be sanitized)
   * @returns Safe joined path guaranteed to be within basePath
   * @throws Error if sanitization fails or path traversal detected
   *
   * @example
   * PathSanitizer.safePath('/app/data', 'users', 'doc123.axiodb');
   * // Returns: '/app/data/users/doc123.axiodb'
   *
   * PathSanitizer.safePath('/app/data', '../../../etc/passwd');
   * // Throws: Security violation (after sanitization and validation)
   * // NOTE(review): since sanitizePathComponent is documented as replacing
   * // traversal characters rather than rejecting the input, this component
   * // would presumably be sanitized to a plain name and joined under
   * // basePath instead of throwing — confirm which behaviour the
   * // implementation has and correct this example accordingly.
   */
  static safePath(basePath: string, ...components: string[]): string;
}