hub / github.com/simstudioai/sim / validatePathSegment

Function validatePathSegment

apps/sim/lib/core/security/input-validation.ts:50–160  ·  view source on GitHub ↗
(
  value: string | null | undefined,
  options: PathSegmentOptions = {}
)

Source from the content-addressed store, hash-verified

48 * ```
49 */
50export function validatePathSegment(
51 value: string | null | undefined,
52 options: PathSegmentOptions = {}
53): ValidationResult {
54 const {
55 paramName = 'path segment',
56 maxLength = 255,
57 allowHyphens = true,
58 allowUnderscores = true,
59 allowDots = false,
60 customPattern,
61 } = options
62
63 if (value === null || value === undefined || value === '') {
64 return {
65 isValid: false,
66 error: `${paramName} is required`,
67 }
68 }
69
70 if (value.length > maxLength) {
71 logger.warn('Path segment exceeds maximum length', {
72 paramName,
73 length: value.length,
74 maxLength,
75 })
76 return {
77 isValid: false,
78 error: `${paramName} exceeds maximum length of ${maxLength} characters`,
79 }
80 }
81
82 if (value.includes('\0') || value.includes('%00')) {
83 logger.warn('Path segment contains null bytes', { paramName })
84 return {
85 isValid: false,
86 error: `${paramName} contains invalid characters`,
87 }
88 }
89
90 const pathTraversalPatterns = [
91 '..',
92 './',
93 '.\\.',
94 '%2e%2e',
95 '%252e%252e',
96 '..%2f',
97 '..%5c',
98 '%2e%2e%2f',
99 '%2e%2e/',
100 '..%252f',
101 ]
102
103 const lowerValue = value.toLowerCase()
104 for (const pattern of pathTraversalPatterns) {
105 if (lowerValue.includes(pattern.toLowerCase())) {
106 logger.warn('Path traversal attempt detected', {
107 paramName,

Callers 15

getItemBasePathFunction · 0.90
get_user_posts.tsFile · 0.90
get_user.tsFile · 0.90
get_comments.tsFile · 0.90
normalizeSubredditFunction · 0.90
get_saved.tsFile · 0.90
route.tsFile · 0.90
route.tsFile · 0.90
route.tsFile · 0.90
route.tsFile · 0.90

Calls 3

testMethod · 0.80
warnMethod · 0.65
toStringMethod · 0.45

Tested by

no test coverage detected