| 93 | * Returns true only if resolvedPath is within directoryPath |
| 94 | */ |
| 95 | export function isPathWithinDirectory(resolvedPath: string, directoryPath: string): boolean { |
| 96 | // Get the relative path from directory to the target |
| 97 | const relativePath = path.relative(directoryPath, resolvedPath); |
| 98 | |
| 99 | // If relative path starts with "..", it's outside the directory |
| 100 | // If relative path is absolute, it's outside the directory |
| 101 | // If relative path is empty or ".", it's the directory itself |
| 102 | return !relativePath.startsWith('..') && !path.isAbsolute(relativePath); |
| 103 | } |
| 104 | |
| 105 | /** |
| 106 | * Get the configured allowed root directory |