@mintlify/link-rot 3.0.840 → 3.0.841
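--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -20,6 +20,14 @@ import { existsSync, renameSync } from 'fs';
 import path from 'path';
 import { removeFileExtension, getPagePaths, addLeadingSlash } from '../prebuild.js';
 import renameInternalLinksInPage from './renameInternalLinksInPage.js';
+const validatePathWithinCwd = (inputPath) => {
+const baseDir = process.cwd();
+const resolvedPath = path.resolve(baseDir, inputPath);
+const relative = path.relative(baseDir, resolvedPath);
+if (relative.startsWith(`..${path.sep}`) || relative === '..' || path.isAbsolute(relative)) {
+throw new Error(`Access denied: path "${inputPath}" is outside the current directory`);
+}
+};
 /**
 * Renames a link in the file system. If the link is a directory, all links within the directory will be renamed as well.
 * @param oldFilePath - The existing directory or file to rename
@@ -31,6 +39,9 @@ export const renameFilesAndUpdateLinksInContent = (oldFilePathString_1, newFileP
 const oldFilePath = path.parse(path.normalize(oldFilePathString));
 const newFilePath = path.parse(path.normalize(newFilePathString));
 try {
+// Validate paths are within current working directory to prevent path traversal
+validatePathWithinCwd(oldFilePathString);
+validatePathWithinCwd(newFilePathString);
 if (oldFilePath.dir === newFilePath.dir && oldFilePath.base === newFilePath.base) {
 throw new Error('the two file paths are the same.');
 }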
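Review bot: `validatePathWithinCwd` in the first hunk compares paths only lexically (`path.resolve` plus `path.relative`), so a path whose components include a symlink inside the working directory that points elsewhere still passes the check before the rename runs. Resolving the nearest existing ancestor with `realpathSync` before the comparison would close that gap; the rename target usually does not exist yet, so the new path cannot be resolved directly. This needs `realpathSync` added to the existing `fs` import, and a dangling symlink component would still need separate handling. The helper also has no JSDoc; a comment stating that it throws and returns nothing, and that an input resolving to the working directory itself is accepted, would help. Both calls sit inside a `try` whose `catch` is outside the hunk, so whether the "Access denied" error reaches the caller cannot be confirmed from here.

```javascript
const validatePathWithinCwd = (inputPath) => {
  const baseDir = realpathSync(process.cwd());
  const lexicalPath = path.resolve(baseDir, inputPath);
  // Resolve symlinks on the nearest existing ancestor; the rename target may not exist yet.
  let existing = lexicalPath;
  while (!existsSync(existing) && path.dirname(existing) !== existing) {
    existing = path.dirname(existing);
  }
  const resolvedPath = path.join(realpathSync(existing), path.relative(existing, lexicalPath));
  const relative = path.relative(baseDir, resolvedPath);
  // … unchanged: the `..` / absolute check and the throw …
};
```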