(gitRoot: string, allowedRoots: string[])
| 110 | } |
| 111 | |
| 112 | async function assertGitRootAllowed(gitRoot: string, allowedRoots: string[]): Promise<string> { |
| 113 | try { |
| 114 | return assertAllowedPath(gitRoot, allowedRoots); |
| 115 | } catch { |
| 116 | const canonicalGitRoot = await realpath(gitRoot); |
| 117 | for (const allowedRoot of allowedRoots) { |
| 118 | const canonicalAllowedRoot = await realpath(allowedRoot).catch(() => undefined); |
| 119 | if (!canonicalAllowedRoot || !isPathInsideRoot(canonicalGitRoot, canonicalAllowedRoot)) { |
| 120 | continue; |
| 121 | } |
| 122 | |
| 123 | const logicalGitRoot = resolve(allowedRoot, relative(canonicalAllowedRoot, canonicalGitRoot)); |
| 124 | return assertAllowedPath(logicalGitRoot, allowedRoots); |
| 125 | } |
| 126 | |
| 127 | return assertAllowedPath(canonicalGitRoot, allowedRoots); |
| 128 | } |
| 129 | } |
| 130 | |
| 131 | async function resolveBaseCommit(sourceRoot: string, baseRef: string): Promise<string> { |
| 132 | try { |
no test coverage detected