(input: Input)
| 153 | return expandPath(filePath) |
| 154 | }, |
| 155 | async validateInput(input: Input): Promise<ValidationResult> { |
| 156 | // First validate against the discriminated union for better type safety |
| 157 | const parseResult = lspToolInputSchema().safeParse(input) |
| 158 | if (!parseResult.success) { |
| 159 | return { |
| 160 | result: false, |
| 161 | message: `Invalid input: ${parseResult.error.message}`, |
| 162 | errorCode: 3, |
| 163 | } |
| 164 | } |
| 165 | |
| 166 | // Validate file exists and is a regular file |
| 167 | const fs = getFsImplementation() |
| 168 | const absolutePath = expandPath(input.filePath) |
| 169 | |
| 170 | // SECURITY: Skip filesystem operations for UNC paths to prevent NTLM credential leaks. |
| 171 | if (absolutePath.startsWith('\\\\') || absolutePath.startsWith('//')) { |
| 172 | return { result: true } |
| 173 | } |
| 174 | |
| 175 | let stats |
| 176 | try { |
| 177 | stats = await fs.stat(absolutePath) |
| 178 | } catch (error) { |
| 179 | if (isENOENT(error)) { |
| 180 | return { |
| 181 | result: false, |
| 182 | message: `File does not exist: ${input.filePath}`, |
| 183 | errorCode: 1, |
| 184 | } |
| 185 | } |
| 186 | const err = toError(error) |
| 187 | // Log filesystem access errors for tracking |
| 188 | logError( |
| 189 | new Error( |
| 190 | `Failed to access file stats for LSP operation on ${input.filePath}: ${err.message}`, |
| 191 | ), |
| 192 | ) |
| 193 | return { |
| 194 | result: false, |
| 195 | message: `Cannot access file: ${input.filePath}. ${err.message}`, |
| 196 | errorCode: 4, |
| 197 | } |
| 198 | } |
| 199 | |
| 200 | if (!stats.isFile()) { |
| 201 | return { |
| 202 | result: false, |
| 203 | message: `Path is not a file: ${input.filePath}`, |
| 204 | errorCode: 2, |
| 205 | } |
| 206 | } |
| 207 | |
| 208 | return { result: true } |
| 209 | }, |
| 210 | async checkPermissions(input, context): Promise<PermissionDecision> { |
| 211 | const appState = context.getAppState() |
| 212 | return checkReadPermissionForTool( |
nothing calls this directly
no test coverage detected