* Write content to a file within a worktree. * * SECURITY: Blocks writes if the file is a symlink pointing outside * the worktree. This prevents malicious repos from tricking users * into overwriting sensitive files like ~/.bashrc. * * @throws PathValidationError with code "SYMLINK_ESCAP
( worktreePath: string, filePath: string, content: string, )
| 325 | * @throws PathValidationError with code "SYMLINK_ESCAPE" if target escapes worktree |
| 326 | */ |
| 327 | async writeFile( |
| 328 | worktreePath: string, |
| 329 | filePath: string, |
| 330 | content: string, |
| 331 | ): Promise<void> { |
| 332 | assertRegisteredWorktree(worktreePath); |
| 333 | const fullPath = resolvePathInWorktree(worktreePath, filePath); |
| 334 | |
| 335 | // Block writes through symlinks that escape the worktree |
| 336 | await assertRealpathInWorktree(worktreePath, fullPath); |
| 337 | |
| 338 | await writeFile(fullPath, content, "utf-8"); |
| 339 | }, |
| 340 | |
| 341 | /** |
| 342 | * Delete a file or directory within a worktree. |
no test coverage detected