(rootDir: string, filePath: string)
| 16 | } |
| 17 | |
| 18 | function assertWithinRoot(rootDir: string, filePath: string): string { |
| 19 | const resolved = resolve(rootDir, filePath); |
| 20 | const normalizedRoot = resolve(rootDir) + "/"; |
| 21 | if (!resolved.startsWith(normalizedRoot) && resolved !== resolve(rootDir)) { |
| 22 | throw new Error(`Path traversal denied: "${filePath}" resolves outside root directory`); |
| 23 | } |
| 24 | return resolved; |
| 25 | } |
| 26 | |
| 27 | async function ensureDataDir(rootDir: string): Promise<string> { |
| 28 | const dataPath = join(rootDir, DATA_DIR); |
no outgoing calls
no test coverage detected