MCPcopy
hub / github.com/autobrr/qui / normalizeContentPathRelativeInput

Function normalizeContentPathRelativeInput

internal/proxy/handler.go:747–763  ·  view source on GitHub ↗
(raw string)

Source from the content-addressed store, hash-verified

745}
746
747func normalizeContentPathRelativeInput(raw string) (string, error) {
748 trimmed := strings.TrimSpace(raw)
749 if trimmed == "" {
750 return "", errors.New("content path is required")
751 }
752
753 trimmed = strings.ReplaceAll(trimmed, "\\", "/")
754 normalized := filepath.Clean(filepath.FromSlash(trimmed))
755 if filepath.IsAbs(normalized) {
756 return "", errors.New("absolute paths are not allowed")
757 }
758 if normalized == ".." || strings.HasPrefix(normalized, ".."+string(filepath.Separator)) {
759 return "", errors.New("path traversal detected")
760 }
761
762 return normalized, nil
763}
764
765func resolveProxyContentPath(basePath, relativePath string) (string, error) {
766 cleanBase := filepath.Clean(basePath)

Calls

no outgoing calls

Tested by 1