@noir-lang/noir_wasm 1.0.0-beta.10-3052aa0.nightly → 1.0.0-beta.10-18f8faf.nightly
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/node/index_bg.wasm +0 -0
- package/dist/node/main.js +6 -0
- package/dist/node/main.js.map +1 -1
- package/dist/web/main.mjs +7 -1
- package/dist/web/main.mjs.map +1 -1
- package/package.json +2 -2
package/dist/node/index_bg.wasm
CHANGED
|
Binary file
|
package/dist/node/main.js
CHANGED
|
@@ -12140,6 +12140,12 @@ function resolveGithubCodeArchive(dependency, format) {
|
|
|
12140
12140
|
if (!owner || !repo || gitUrl.hostname !== 'github.com') {
|
|
12141
12141
|
throw new Error('Invalid Github repository URL');
|
|
12142
12142
|
}
|
|
12143
|
+
// Validate ref to prevent path traversal attacks
|
|
12144
|
+
// First decode any URL encoding to catch encoded path traversal attempts
|
|
12145
|
+
const decodedRef = decodeURIComponent(ref);
|
|
12146
|
+
if (decodedRef.includes('..') || decodedRef.includes('/') || decodedRef.includes('\\')) {
|
|
12147
|
+
throw new Error('Invalid git reference. Git references cannot contain path traversal characters');
|
|
12148
|
+
}
|
|
12143
12149
|
return new URL(`https://github.com/${owner}/${repo}/archive/${ref}.${extension}`);
|
|
12144
12150
|
}
|
|
12145
12151
|
|