MCPcopy
hub / github.com/garrytan/gstack / validateTempPath

Function validateTempPath

browse/src/path-security.ts:102–117  ·  view source on GitHub ↗
(filePath: string)

Source from the content-addressed store, hash-verified

100
101/** Validate a file path for remote serving (GET /file). TEMP_DIR only, not cwd. */
102export function validateTempPath(filePath: string): void {
103 const resolved = path.resolve(filePath);
104 let realPath: string;
105 try {
106 realPath = fs.realpathSync(resolved);
107 } catch (err: any) {
108 if (err.code === 'ENOENT') {
109 throw new Error('File not found');
110 }
111 throw new Error(`Cannot resolve path: ${filePath}`);
112 }
113 const isSafe = TEMP_ONLY.some(dir => isPathWithin(realPath, dir));
114 if (!isSafe) {
115 throw new Error(`Path must be within: ${TEMP_ONLY.join(', ')} (remote file serving is restricted to temp directory)`);
116 }
117}
118
119/** Escape special regex metacharacters in a user-supplied string to prevent ReDoS. */
120export function escapeRegExp(s: string): string {

Callers 2

makeFetchHandlerFunction · 0.90

Calls 1

isPathWithinFunction · 0.90

Tested by

no test coverage detected