()
| 27 | * - DATA_DIR: appData exception, always allowed |
| 28 | */ |
| 29 | export function initAllowedPaths(): void { |
| 30 | // Load ALLOWED_ROOT_DIRECTORY |
| 31 | const rootDir = process.env.ALLOWED_ROOT_DIRECTORY; |
| 32 | if (rootDir) { |
| 33 | allowedRootDirectory = path.resolve(rootDir); |
| 34 | console.log(`[Security] ✓ ALLOWED_ROOT_DIRECTORY configured: ${allowedRootDirectory}`); |
| 35 | } else { |
| 36 | console.log('[Security] ⚠️ ALLOWED_ROOT_DIRECTORY not set - allowing access to all paths'); |
| 37 | } |
| 38 | |
| 39 | // Load DATA_DIR (appData exception - always allowed) |
| 40 | const dataDir = process.env.DATA_DIR; |
| 41 | if (dataDir) { |
| 42 | dataDirectory = path.resolve(dataDir); |
| 43 | console.log(`[Security] ✓ DATA_DIR configured: ${dataDirectory}`); |
| 44 | } |
| 45 | } |
| 46 | |
| 47 | /** |
| 48 | * Check if a path is allowed based on ALLOWED_ROOT_DIRECTORY |
no test coverage detected