1. Advisor
  2. @wireapp/store-engine
  3. functions
  4. @wireapp/store-engine.error.PathValidationError
View all @wireapp/store-engine analysis

How to use the @wireapp/store-engine.error.PathValidationError function in @wireapp/store-engine

To help you get started, we’ve selected a few @wireapp/store-engine examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github wireapp / wire-web-packages / packages / store-engine-fs / src / index.ts View on Github external
public static enforcePathRestrictions(givenTrustedRoot: string, givenPath: string): string {
    const trustedRoot = FileEngine.path.resolve(givenTrustedRoot);

    const trustedRootDetails = FileEngine.path.parse(trustedRoot);
    if (trustedRootDetails.root === trustedRootDetails.dir && trustedRootDetails.base === '') {
      const message = `"${trustedRoot}" cannot be the root of the filesystem.`;
      throw new StoreEngineError.PathValidationError(message);
    }

    const unsafePath = FileEngine.path.resolve(trustedRoot, givenPath);
    if (unsafePath.startsWith(trustedRoot) === false) {
      const message = `Path traversal has been detected. Allowed path was "${trustedRoot}" but tested path "${givenPath}" attempted to reach "${unsafePath}"`;
      throw new StoreEngineError.PathValidationError(message);
    }

    return unsafePath;
  }

@wireapp/store-engine

Provides a storage wrapper API to unify access to different storage technologies.

GitHub
GPL-3.0
Latest version published 5 months ago

Package Health Score

60 / 100
Full package analysis

Popular @wireapp/store-engine functions

Similar packages