MCPcopy
hub / github.com/21st-dev/1code / writeFile

Function writeFile

src/main/lib/git/security/secure-fs.ts:327–339  ·  view source on GitHub ↗

* Write content to a file within a worktree. * * SECURITY: Blocks writes if the file is a symlink pointing outside * the worktree. This prevents malicious repos from tricking users * into overwriting sensitive files like ~/.bashrc. * * @throws PathValidationError with code "SYMLINK_ESCAP

(
		worktreePath: string,
		filePath: string,
		content: string,
	)

Source from the content-addressed store, hash-verified

325 * @throws PathValidationError with code "SYMLINK_ESCAPE" if target escapes worktree
326 */
327 async writeFile(
328 worktreePath: string,
329 filePath: string,
330 content: string,
331 ): Promise<void> {
332 assertRegisteredWorktree(worktreePath);
333 const fullPath = resolvePathInWorktree(worktreePath, filePath);
334
335 // Block writes through symlinks that escape the worktree
336 await assertRealpathInWorktree(worktreePath, fullPath);
337
338 await writeFile(fullPath, content, "utf-8");
339 },
340
341 /**
342 * Delete a file or directory within a worktree.

Callers 4

saveWorktreeConfigFunction · 0.85
applySandboxGitStateFunction · 0.85
files.tsFile · 0.85
writeClaudeSessionFunction · 0.85

Calls 3

assertRegisteredWorktreeFunction · 0.90
resolvePathInWorktreeFunction · 0.90
assertRealpathInWorktreeFunction · 0.85

Tested by

no test coverage detected