
spanwright


CLI tool to generate Cloud Spanner E2E testing framework projects with Go database tools and Playwright browser automation

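"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.isSafePath = isSafePath;
exports.validatePath = validatePath;
exports.getSafePath = getSafePath;
const path_1 = require("path");
const errors_1 = require("./errors");
/**
 * Lexical containment check: does `targetPath`, resolved against `basePath`,
 * stay inside `basePath`?
 *
 * The check works on normalized path strings only. It does not touch the
 * filesystem, so a symlink located inside `basePath` that points elsewhere is
 * NOT detected here; callers that must defend against that need to compare
 * real paths (e.g. via fs.realpath) before opening the file.
 *
 * @param basePath The base directory path
 * @param targetPath The path to validate (relative or absolute)
 * @returns true if the resolved target is the base itself or lies beneath it,
 *          false otherwise
 */
function isSafePath(basePath, targetPath) {
    const normalizedBase = (0, path_1.resolve)(basePath);
    const normalizedTarget = (0, path_1.resolve)(basePath, targetPath);
    const relativePath = (0, path_1.relative)(normalizedBase, normalizedTarget);
    // When base and target share no common root (different Windows drive
    // letters or UNC shares), path.relative() returns the absolute target
    // path, which contains no ".." at all. Treat that as an escape.
    if ((0, path_1.isAbsolute)(relativePath)) {
        return false;
    }
    // After resolve(), ".." can only appear as a leading *segment* of the
    // relative path. Compare whole segments rather than substrings so that
    // legitimate names such as "notes..txt" or "..cache" are not rejected.
    return relativePath !== '..' && !relativePath.startsWith(`..${path_1.sep}`);
}
/**
 * Validates that `targetPath` stays within `basePath`, throwing on violation.
 *
 * @param basePath The base directory path
 * @param targetPath The path to validate
 * @param operationName The name of the operation (used in the error message)
 * @throws SecurityError if the path resolves outside `basePath`
 */
function validatePath(basePath, targetPath, operationName) {
    if (!isSafePath(basePath, targetPath)) {
        throw new errors_1.SecurityError(`Path traversal attempt detected in ${operationName}: ${targetPath}`, targetPath);
    }
}
/**
 * Resolves `targetPath` against `basePath` after validating containment.
 *
 * Callers should use the returned absolute path for the subsequent file
 * operation rather than the raw `targetPath`, so that the path that was
 * checked is the path that is used.
 *
 * @param basePath The base directory
 * @param targetPath The target path to validate
 * @returns The normalized absolute path if it lies within `basePath`
 * @throws SecurityError if the path resolves outside `basePath`
 */
function getSafePath(basePath, targetPath) {
    validatePath(basePath, targetPath, 'getSafePath');
    return (0, path_1.resolve)(basePath, targetPath);
}
//# sourceMappingURL=security.js.map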