MCPcopy
hub / github.com/AutoMaker-Org/automaker / isPathAllowed

Function isPathAllowed

libs/platform/src/security.ts:54–75  ·  view source on GitHub ↗
(filePath: string)

Source from the content-addressed store, hash-verified

52 * - No restrictions are configured (backward compatibility)
53 */
54export function isPathAllowed(filePath: string): boolean {
55 const resolvedPath = path.resolve(filePath);
56
57 // Always allow appData directory (settings, credentials)
58 if (dataDirectory && isPathWithinDirectory(resolvedPath, dataDirectory)) {
59 return true;
60 }
61
62 // If no ALLOWED_ROOT_DIRECTORY restriction is configured, allow all paths
63 // Note: DATA_DIR is checked above as an exception, but doesn't restrict other paths
64 if (!allowedRootDirectory) {
65 return true;
66 }
67
68 // Allow if within ALLOWED_ROOT_DIRECTORY
69 if (allowedRootDirectory && isPathWithinDirectory(resolvedPath, allowedRootDirectory)) {
70 return true;
71 }
72
73 // If restrictions are configured but path doesn't match, deny
74 return false;
75}
76
77/**
78 * Validate a path - resolves it and checks permissions

Callers 7

createBrowseHandlerFunction · 0.90
validateWorkingDirectoryFunction · 0.90
registerDialogHandlersFunction · 0.90
security.test.tsFile · 0.85
validatePathFunction · 0.85
security.test.tsFile · 0.85

Calls 2

isPathWithinDirectoryFunction · 0.85
resolveMethod · 0.80

Tested by

no test coverage detected