(filePath: string)
| 100 | |
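/**
 * Resolve `p` through its nearest existing ancestor.
 *
 * Walks up from `p` until fs.realpathSync succeeds, then re-attaches the
 * components that did not exist. Falls back to `p` unchanged when nothing up to
 * the filesystem root can be resolved.
 */
function realPathViaNearestAncestor(p: string): string {
  const missingTail: string[] = [];
  let current = p;
  for (;;) {
    try {
      return path.join(fs.realpathSync(current), ...missingTail);
    } catch {
      const parent = path.dirname(current);
      if (parent === current) {
        return p;
      }
      missingTail.unshift(path.basename(current));
      current = parent;
    }
  }
}

/**
 * Validate a file path for remote serving (GET /file). TEMP_DIR only, not cwd.
 *
 * The path is made absolute with path.resolve, symlinks are resolved with
 * fs.realpathSync, and the result must lie inside one of the TEMP_ONLY
 * directories (checked with isPathWithin).
 *
 * A missing path is reported as 'File not found' only when it would have been
 * inside TEMP_ONLY. Otherwise the containment error is raised, so that the two
 * messages cannot be used by a remote client to learn which paths exist
 * outside the temp directory.
 *
 * NOTE(review): this function returns nothing, so a caller that opens
 * `filePath` afterwards resolves it a second time; confirm the serving code
 * is not exposed to a symlink swapped in between this check and the open.
 * NOTE(review): both error messages include server-side values (the requested
 * path, the TEMP_ONLY list); confirm whether they are returned verbatim to
 * the remote client.
 *
 * @param filePath - Path requested by the client; relative paths are resolved
 *   against the process working directory by path.resolve.
 * @throws Error 'File not found' when the path does not exist but falls inside
 *   TEMP_ONLY.
 * @throws Error 'Cannot resolve path: …' when realpathSync fails for any reason
 *   other than ENOENT.
 * @throws Error 'Path must be within: …' when the path is outside TEMP_ONLY.
 */
export function validateTempPath(filePath: string): void {
  const resolved = path.resolve(filePath);
  const isInsideTemp = (candidate: string): boolean =>
    TEMP_ONLY.some(dir => isPathWithin(candidate, dir));
  const outsideTempError = (): Error =>
    new Error(`Path must be within: ${TEMP_ONLY.join(', ')} (remote file serving is restricted to temp directory)`);

  let realPath: string;
  try {
    realPath = fs.realpathSync(resolved);
  } catch (err: unknown) {
    // Narrow instead of trusting `any`: only objects can carry an errno code.
    const code =
      typeof err === 'object' && err !== null && 'code' in err
        ? (err as { code?: unknown }).code
        : undefined;
    if (code === 'ENOENT') {
      // Apply the containment rule before admitting the path is missing,
      // so a non-existent path outside temp looks the same as an existing one.
      if (!isInsideTemp(realPathViaNearestAncestor(resolved))) {
        throw outsideTempError();
      }
      throw new Error('File not found');
    }
    throw new Error(`Cannot resolve path: ${filePath}`);
  }

  if (!isInsideTemp(realPath)) {
    throw outsideTempError();
  }
}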
| 118 | |
| 119 | /** Escape special regex metacharacters in a user-supplied string to prevent ReDoS. */ |
| 120 | export function escapeRegExp(s: string): string { |