(
containmentRoot: string,
candidatePath: string,
options?: { allowMissing?: boolean }
)
| 90 | * escape. |
| 91 | */ |
| 92 | export async function ensurePathContained( |
| 93 | containmentRoot: string, |
| 94 | candidatePath: string, |
| 95 | options?: { allowMissing?: boolean } |
| 96 | ): Promise<string> { |
| 97 | const containmentRootReal = await fsPromises.realpath(containmentRoot); |
| 98 | const candidateReal = options?.allowMissing |
| 99 | ? await resolveRealPathAllowMissing(candidatePath) |
| 100 | : await fsPromises.realpath(candidatePath); |
| 101 | |
| 102 | if (!isPathInsideRoot(containmentRootReal, candidateReal)) { |
| 103 | throw new Error("Path resolves outside containment root after symlink resolution."); |
| 104 | } |
| 105 | |
| 106 | return candidateReal; |
| 107 | } |
| 108 | |
| 109 | async function resolveRealPathAllowMissing(targetPath: string): Promise<string> { |
| 110 | const missingSegments: string[] = []; |
no test coverage detected