(fs: PathManipulation, outputFolder: AbsoluteFsPath)
| 23 | * @param outputFolder An absolute path to the folder containing this set of translations. |
| 24 | */ |
| 25 | export function getOutputPathFn(fs: PathManipulation, outputFolder: AbsoluteFsPath): OutputPathFn { |
| 26 | const [pre, post] = outputFolder.split('{{LOCALE}}'); |
| 27 | return post === undefined |
| 28 | ? (_locale, relativePath) => fs.join(pre, relativePath) |
| 29 | : (locale, relativePath) => { |
| 30 | if (/[\/\\]|\.\./.test(locale)) { |
| 31 | throw new Error(`Invalid Locale: '${locale}' is not a valid locale.`); |
| 32 | } |
| 33 | |
| 34 | const outputPath = fs.join(pre + locale + post, relativePath); |
| 35 | const resolvedOutputPath = fs.resolve(outputPath); |
| 36 | const resolvedPre = fs.resolve(pre); |
| 37 | |
| 38 | if (!resolvedOutputPath.startsWith(resolvedPre)) { |
| 39 | throw new Error(`Invalid Locale: '${locale}' would cause path traversal.`); |
| 40 | } |
| 41 | |
| 42 | return outputPath; |
| 43 | }; |
| 44 | } |
no test coverage detected
searching dependent graphs…