npm - @inspecto-dev/plugin - Versions diffs - 0.3.3 → 0.3.5 - Mend

@inspecto-dev/plugin 0.3.3 → 0.3.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (39) hide show

package/dist/index.cjs +180 -45
package/dist/index.cjs.map +1 -1
package/dist/index.js +179 -44
package/dist/index.js.map +1 -1
package/dist/legacy/rspack/index.cjs +109 -19
package/dist/legacy/rspack/index.cjs.map +1 -1
package/dist/legacy/rspack/index.js +109 -19
package/dist/legacy/rspack/index.js.map +1 -1
package/dist/legacy/rspack/loader.cjs +49 -4
package/dist/legacy/rspack/loader.cjs.map +1 -1
package/dist/legacy/rspack/loader.js +49 -4
package/dist/legacy/rspack/loader.js.map +1 -1
package/dist/legacy/webpack4/index.cjs +121 -21
package/dist/legacy/webpack4/index.cjs.map +1 -1
package/dist/legacy/webpack4/index.d.cts +2 -0
package/dist/legacy/webpack4/index.d.ts +2 -0
package/dist/legacy/webpack4/index.js +121 -21
package/dist/legacy/webpack4/index.js.map +1 -1
package/dist/legacy/webpack4/loader.cjs +49 -4
package/dist/legacy/webpack4/loader.cjs.map +1 -1
package/dist/legacy/webpack4/loader.js +49 -4
package/dist/legacy/webpack4/loader.js.map +1 -1
package/dist/rollup.cjs +180 -45
package/dist/rollup.cjs.map +1 -1
package/dist/rollup.js +179 -44
package/dist/rollup.js.map +1 -1
package/dist/rspack.cjs +180 -45
package/dist/rspack.cjs.map +1 -1
package/dist/rspack.js +179 -44
package/dist/rspack.js.map +1 -1
package/dist/vite.cjs +180 -45
package/dist/vite.cjs.map +1 -1
package/dist/vite.js +179 -44
package/dist/vite.js.map +1 -1
package/dist/webpack.cjs +180 -45
package/dist/webpack.cjs.map +1 -1
package/dist/webpack.js +179 -44
package/dist/webpack.js.map +1 -1
package/package.json +6 -6

package/dist/legacy/rspack/index.cjs CHANGED Viewed

@@ -36,13 +36,13 @@ __export(rspack_exports, {
 });
 module.exports = __toCommonJS(rspack_exports);
-// ../../node_modules/.pnpm/tsup@8.5.1_jiti@2.6.1_postcss@8.5.8_typescript@5.9.3_yaml@2.8.3/node_modules/tsup/assets/cjs_shims.js
+// ../../node_modules/.pnpm/tsup@8.5.1_jiti@2.6.1_postcss@8.5.9_typescript@5.9.3_yaml@2.8.3/node_modules/tsup/assets/cjs_shims.js
 var getImportMetaUrl = () => typeof document === "undefined" ? new URL(`file:${__filename}`).href : document.currentScript && document.currentScript.tagName.toUpperCase() === "SCRIPT" ? document.currentScript.src : new URL("main.js", document.baseURI).href;
 var importMetaUrl = /* @__PURE__ */ getImportMetaUrl();
 // src/server/index.ts
 var import_node_http = __toESM(require("http"), 1);
-var import_node_fs3 = __toESM(require("fs"), 1);
+var import_node_fs4 = __toESM(require("fs"), 1);
 var import_node_path4 = __toESM(require("path"), 1);
 var import_node_os2 = __toESM(require("os"), 1);
 var import_node_crypto2 = __toESM(require("crypto"), 1);
@@ -562,6 +562,7 @@ function hasOverrides(overrides) {
 // src/server/path-guards.ts
 var import_node_path2 = __toESM(require("path"), 1);
+var import_node_fs2 = __toESM(require("fs"), 1);
 function isWindowsAbsolutePath(file) {
   return /^[a-zA-Z]:[\\/]/.test(file) || /^\\\\[^\\]+\\[^\\]+/.test(file);
 }
@@ -572,9 +573,94 @@ function resolveWorkspacePath(file, cwd) {
   return import_node_path2.default.isAbsolute(file) ? import_node_path2.default.resolve(file) : import_node_path2.default.resolve(cwd, file);
 }
 function assertPathWithinProject(file, projectRoot) {
-  const relativeToRoot = isWindowsAbsolutePath(file) || isWindowsAbsolutePath(projectRoot) ? import_node_path2.default.win32.relative(import_node_path2.default.win32.normalize(projectRoot), import_node_path2.default.win32.normalize(file)) : import_node_path2.default.relative(projectRoot, file);
-  if (relativeToRoot.startsWith("..") || import_node_path2.default.isAbsolute(relativeToRoot)) {
-    throw new Error("Access denied: File is outside of project workspace");
+  let realFile = file;
+  let realProjectRoot = projectRoot;
+  try {
+    if (import_node_fs2.default.existsSync(file)) {
+      realFile = import_node_fs2.default.realpathSync(file);
+    }
+  } catch {
+  }
+  try {
+    if (import_node_fs2.default.existsSync(projectRoot)) {
+      realProjectRoot = import_node_fs2.default.realpathSync(projectRoot);
+    }
+  } catch {
+  }
+  if (isWithinPath(file, projectRoot) || isWithinPath(realFile, realProjectRoot)) {
+    return;
+  }
+  throw new Error(
+    `Access denied: File ${normalizeForComparison(realFile)} is outside of project workspace ${normalizeForComparison(realProjectRoot)}`
+  );
+}
+function tryReadPackageName(packageRoot) {
+  try {
+    const packageJsonPath = import_node_path2.default.join(packageRoot, "package.json");
+    if (!import_node_fs2.default.existsSync(packageJsonPath)) return void 0;
+    const packageJson = JSON.parse(import_node_fs2.default.readFileSync(packageJsonPath, "utf8"));
+    return typeof packageJson.name === "string" ? packageJson.name : void 0;
+  } catch {
+    return void 0;
+  }
+}
+function findNearestPackageRoot(file) {
+  let current = import_node_path2.default.dirname(file);
+  while (true) {
+    if (import_node_fs2.default.existsSync(import_node_path2.default.join(current, "package.json"))) {
+      return current;
+    }
+    const parent = import_node_path2.default.dirname(current);
+    if (parent === current) {
+      return void 0;
+    }
+    current = parent;
+  }
+}
+function normalizeForComparison(file) {
+  return isWindowsAbsolutePath(file) ? import_node_path2.default.win32.normalize(file) : import_node_path2.default.normalize(file);
+}
+function pathSeparatorFor(file) {
+  return isWindowsAbsolutePath(file) ? import_node_path2.default.win32.sep : import_node_path2.default.sep;
+}
+function isWithinPath(file, root) {
+  const normalizedFile = normalizeForComparison(file);
+  const normalizedRoot = normalizeForComparison(root);
+  const separator = pathSeparatorFor(normalizedRoot);
+  const rootWithSep = normalizedRoot.endsWith(separator) ? normalizedRoot : normalizedRoot + separator;
+  return normalizedFile === normalizedRoot || normalizedFile.startsWith(rootWithSep);
+}
+function resolveLinkedDependencyEntry(projectRoot, packageName) {
+  const packageSegments = packageName.split("/");
+  const dependencyPath = import_node_path2.default.join(projectRoot, "node_modules", ...packageSegments);
+  if (!import_node_fs2.default.existsSync(dependencyPath)) return void 0;
+  try {
+    return import_node_fs2.default.realpathSync(dependencyPath);
+  } catch {
+    return dependencyPath;
+  }
+}
+function isLinkedDependencyPath(file, projectRoot, packageName) {
+  const linkedDependencyRoot = resolveLinkedDependencyEntry(projectRoot, packageName);
+  if (!linkedDependencyRoot) return false;
+  return isWithinPath(file, linkedDependencyRoot);
+}
+function isLinkedDependencySourcePath(file, projectRoot) {
+  const packageRoot = findNearestPackageRoot(file);
+  if (!packageRoot) return false;
+  const packageName = tryReadPackageName(packageRoot);
+  if (!packageName) return false;
+  return isLinkedDependencyPath(file, projectRoot, packageName);
+}
+function assertPathWithinIdeOpenScope(file, projectRoot) {
+  try {
+    assertPathWithinProject(file, projectRoot);
+    return;
+  } catch {
+    if (isLinkedDependencySourcePath(file, projectRoot)) {
+      return;
+    }
+    throw new Error(`Access denied: File is outside of project workspace`);
   }
 }
@@ -779,7 +865,7 @@ var VSCODE_FAMILY_SCHEMES = [
 ];
 function handleOpenFileRequest(body, serverState3) {
   const absolutePath = resolveWorkspacePath(body.file, serverState3.cwd);
-  assertPathWithinProject(absolutePath, serverState3.projectRoot);
+  assertPathWithinIdeOpenScope(absolutePath, serverState3.projectRoot);
   const userConfig = loadUserConfigSync(false, serverState3.cwd, serverState3.configRoot);
   const configuredIde = userConfig.ide;
   const activeIde = serverState3.ideInfo?.ide;
@@ -837,7 +923,7 @@ function handleOpenFileRequest(body, serverState3) {
 }
 // src/server/project-root.ts
-var import_node_fs2 = __toESM(require("fs"), 1);
+var import_node_fs3 = __toESM(require("fs"), 1);
 var import_node_path3 = __toESM(require("path"), 1);
 var import_node_child_process3 = require("child_process");
 var serverLogger3 = createLogger("inspecto:server", { logLevel: getGlobalLogLevel() });
@@ -855,7 +941,7 @@ function resolveProjectRoot() {
     let current = start;
     while (!visited.has(current)) {
       visited.add(current);
-      if (import_node_fs2.default.existsSync(import_node_path3.default.join(current, ".inspecto"))) return current;
+      if (import_node_fs3.default.existsSync(import_node_path3.default.join(current, ".inspecto"))) return current;
       if (current === stop) break;
       const parent = import_node_path3.default.dirname(current);
       if (parent === current) break;
@@ -927,28 +1013,28 @@ async function startServer() {
   const portFile = import_node_path4.default.join(import_node_os2.default.tmpdir(), "inspecto.port.json");
   try {
     let portData = {};
-    if (import_node_fs3.default.existsSync(portFile)) {
+    if (import_node_fs4.default.existsSync(portFile)) {
       try {
-        portData = JSON.parse(import_node_fs3.default.readFileSync(portFile, "utf-8"));
+        portData = JSON.parse(import_node_fs4.default.readFileSync(portFile, "utf-8"));
       } catch (e) {
       }
     }
     const rootHash = import_node_crypto2.default.createHash("md5").update(serverState.projectRoot).digest("hex");
     portData[rootHash] = port;
-    import_node_fs3.default.writeFileSync(portFile, JSON.stringify(portData, null, 2), "utf-8");
+    import_node_fs4.default.writeFileSync(portFile, JSON.stringify(portData, null, 2), "utf-8");
   } catch (e) {
     serverLogger4.warn("Failed to write port file:", e);
   }
   process.once("exit", () => {
     try {
-      if (import_node_fs3.default.existsSync(portFile)) {
-        const portData = JSON.parse(import_node_fs3.default.readFileSync(portFile, "utf-8"));
+      if (import_node_fs4.default.existsSync(portFile)) {
+        const portData = JSON.parse(import_node_fs4.default.readFileSync(portFile, "utf-8"));
         const rootHash = import_node_crypto2.default.createHash("md5").update(serverState.projectRoot).digest("hex");
         delete portData[rootHash];
         if (Object.keys(portData).length === 0) {
-          import_node_fs3.default.unlinkSync(portFile);
+          import_node_fs4.default.unlinkSync(portFile);
         } else {
-          import_node_fs3.default.writeFileSync(portFile, JSON.stringify(portData, null, 2), "utf-8");
+          import_node_fs4.default.writeFileSync(portFile, JSON.stringify(portData, null, 2), "utf-8");
         }
       }
     } catch {
@@ -1017,8 +1103,10 @@ async function handleRequest(url, req, res) {
     }
     try {
       handleOpenFileRequest(body, serverState);
-    } catch {
-      serverLogger4.warn(`Security: Blocked path traversal attempt in IDE_OPEN: ${body.file}`);
+    } catch (err) {
+      serverLogger4.warn(
+        `Security: Blocked path traversal attempt in IDE_OPEN: ${body.file}. Reason: ${err.message}`
+      );
       res.writeHead(403, { "Content-Type": "application/json" });
       res.end(JSON.stringify({ error: "Access denied: File is outside of project workspace" }));
       return;
@@ -1036,8 +1124,10 @@ async function handleRequest(url, req, res) {
       const absolutePath = resolveWorkspacePath(file, serverState.cwd);
       try {
         assertPathWithinProject(absolutePath, serverState.projectRoot);
-      } catch {
-        serverLogger4.warn(`Security: Blocked path traversal attempt in PROJECT_SNIPPET: ${file}`);
+      } catch (err) {
+        serverLogger4.warn(
+          `Security: Blocked path traversal attempt in PROJECT_SNIPPET: ${file}. Reason: ${err.message}`
+        );
         res.writeHead(403, { "Content-Type": "application/json" });
         res.end(
           JSON.stringify({