MCPcopy Index your code
hub / github.com/github/spec-kit / _ensure_safe_shared_directory

Function _ensure_safe_shared_directory

src/specify_cli/shared_infra.py:163–196  ·  view source on GitHub ↗

Create a shared infra directory without following symlinked parents.

(
    project_path: Path,
    directory: Path,
    *,
    create: bool = True,
    context: str = "shared infrastructure directory",
)

Source from the content-addressed store, hash-verified

161
162
163def _ensure_safe_shared_directory(
164 project_path: Path,
165 directory: Path,
166 *,
167 create: bool = True,
168 context: str = "shared infrastructure directory",
169) -> None:
170 """Create a shared infra directory without following symlinked parents."""
171 root = project_path.resolve()
172 rel = _shared_relative_path(project_path, directory)
173 current = project_path
174
175 for part in rel.parts:
176 current = current / part
177 label = _shared_destination_label(project_path, current)
178 if current.is_symlink():
179 raise SymlinkedSharedPathError(f"Refusing to use symlinked {context}: {label}")
180 if current.exists():
181 if not current.is_dir():
182 raise ValueError(f"{context.capitalize()} path is not a directory: {label}")
183 try:
184 current.resolve().relative_to(root)
185 except (OSError, ValueError):
186 raise ValueError(f"{context.capitalize()} escapes project root: {label}") from None
187 continue
188 if not create:
189 raise ValueError(f"{context.capitalize()} does not exist: {label}")
190 current.mkdir()
191 if current.is_symlink():
192 raise SymlinkedSharedPathError(f"Refusing to use symlinked {context}: {label}")
193 try:
194 current.resolve().relative_to(root)
195 except (OSError, ValueError):
196 raise ValueError(f"{context.capitalize()} escapes project root: {label}") from None
197
198
199def _validate_safe_shared_directory(project_path: Path, directory: Path) -> None:

Callers 4

refresh_shared_templatesFunction · 0.85
_ensure_or_bucket_dirFunction · 0.85

Calls 4

_shared_relative_pathFunction · 0.85
resolveMethod · 0.45

Tested by

no test coverage detected