hub / github.com/codeaashu/claude-code / validatePath

Function validatePath

src/utils/permissions/pathValidation.ts:373–485  ·  view source on GitHub ↗
(
  path: string,
  cwd: string,
  toolPermissionContext: ToolPermissionContext,
  operationType: FileOperationType,
)

Source from the content-addressed store, hash-verified

371 * Returns whether the path is allowed and the resolved path for error messages.
372 */
373export function validatePath(
374 path: string,
375 cwd: string,
376 toolPermissionContext: ToolPermissionContext,
377 operationType: FileOperationType,
378): ResolvedPathCheckResult {
379 // Remove surrounding quotes if present
380 const cleanPath = expandTilde(path.replace(/^['"]|['"]$/g, ''))
381
382 // SECURITY: Block UNC paths that could leak credentials
383 if (containsVulnerableUncPath(cleanPath)) {
384 return {
385 allowed: false,
386 resolvedPath: cleanPath,
387 decisionReason: {
388 type: 'other',
389 reason: 'UNC network paths require manual approval',
390 },
391 }
392 }
393
394 // SECURITY: Reject tilde variants (~user, ~+, ~-, ~N) that expandTilde doesn't handle.
395 // expandTilde resolves ~ and ~/ to $HOME, but ~root, ~+, ~- etc. are left as literal
396 // text and resolved as relative paths (e.g., /cwd/~root/.ssh/id_rsa).
397 // The shell expands these differently (~root → /var/root, ~+ → $PWD, ~- → $OLDPWD),
398 // creating a TOCTOU gap: we validate /cwd/~root/... but bash reads /var/root/...
399 // This check is safe from false positives because expandTilde already converted
400 // ~ and ~/ to absolute paths starting with /, so only unexpanded variants remain.
401 if (cleanPath.startsWith('~')) {
402 return {
403 allowed: false,
404 resolvedPath: cleanPath,
405 decisionReason: {
406 type: 'other',
407 reason:
408 'Tilde expansion variants (~user, ~+, ~-) in paths require manual approval',
409 },
410 }
411 }
412
413 // SECURITY: Reject paths containing ANY shell expansion syntax ($ or % characters,
414 // or paths starting with = which triggers Zsh equals expansion)
415 // - $VAR (Unix/Linux environment variables like $HOME, $PWD)
416 // - ${VAR} (brace expansion)
417 // - $(cmd) (command substitution)
418 // - %VAR% (Windows environment variables like %TEMP%, %USERPROFILE%)
419 // - Nested combinations like $(echo $HOME)
420 // - =cmd (Zsh equals expansion, e.g. =rg expands to /usr/bin/rg)
421 // All of these are preserved as literal strings during validation but expanded
422 // by the shell during execution, creating a TOCTOU vulnerability
423 if (
424 cleanPath.includes('$') ||
425 cleanPath.includes('%') ||
426 cleanPath.startsWith('=')
427 ) {
428 return {
429 allowed: false,
430 resolvedPath: cleanPath,

Callers

nothing calls this directly

Calls 7

validateGlobPatternFunction · 0.85
safeResolvePathFunction · 0.85
getFsImplementationFunction · 0.85
expandTildeFunction · 0.70
isPathAllowedFunction · 0.70
resolveFunction · 0.50

Tested by

no test coverage detected