* Verify every S3 URI in the event resolves to the configured render bucket. * Throws `S3_URI_NOT_ALLOWED` (non-retryable) when a URI targets a different * bucket, preventing event injection from reading or writing arbitrary S3 data. * * Skipped when `HYPERFRAMES_RENDER_BUCKET` is unset so exist
(event: PlanEvent | RenderChunkEvent | AssembleEvent)
| 501 | * without the env var continue to work. |
| 502 | */ |
| 503 | function validateEventS3Uris(event: PlanEvent | RenderChunkEvent | AssembleEvent): void { |
| 504 | const allowedBucket = process.env.HYPERFRAMES_RENDER_BUCKET?.trim(); |
| 505 | if (!allowedBucket) return; |
| 506 | |
| 507 | for (const uri of getEventS3Uris(event)) { |
| 508 | const { bucket } = parseS3Uri(uri); |
| 509 | if (bucket !== allowedBucket) { |
| 510 | const err = new Error( |
| 511 | `[handler] S3_URI_NOT_ALLOWED: URI ${JSON.stringify(uri)} targets bucket "${bucket}" but only "${allowedBucket}" is permitted`, |
| 512 | ); |
| 513 | err.name = "S3_URI_NOT_ALLOWED"; |
| 514 | throw err; |
| 515 | } |
| 516 | } |
| 517 | } |
| 518 | |
| 519 | function pad(n: number): string { |
| 520 | return n.toString().padStart(4, "0"); |
no test coverage detected