@probelabs/probe 0.6.0-rc124 → 0.6.0-rc125

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@probelabs/probe",
3
- "version": "0.6.0-rc124",
3
+ "version": "0.6.0-rc125",
4
4
  "description": "Node.js wrapper for the probe code search tool",
5
5
  "main": "src/index.js",
6
6
  "module": "src/index.js",
@@ -224,19 +224,27 @@ export const listFilesTool = {
224
224
  // Security: Validate path to prevent traversal attacks
225
225
  const secureBaseDir = path.resolve(baseCwd);
226
226
 
227
+ // Check if this is a dependency path that should bypass workspace restrictions
228
+ const isDependencyPath = directory.startsWith('/dep/') ||
229
+ directory.startsWith('go:') ||
230
+ directory.startsWith('js:') ||
231
+ directory.startsWith('rust:');
232
+
227
233
  // If directory is absolute, check if it's within the secure base directory
228
234
  // If it's relative, resolve it against the secure base directory
229
235
  let targetDir;
230
236
  if (path.isAbsolute(directory)) {
231
237
  targetDir = path.resolve(directory);
232
238
  // Check if the absolute path is within the secure base directory
233
- if (!targetDir.startsWith(secureBaseDir + path.sep) && targetDir !== secureBaseDir) {
239
+ // Allow dependency paths to bypass this restriction
240
+ if (!isDependencyPath && !targetDir.startsWith(secureBaseDir + path.sep) && targetDir !== secureBaseDir) {
234
241
  throw new Error(`Path traversal attempt detected. Cannot access directory outside workspace: ${directory}`);
235
242
  }
236
243
  } else {
237
244
  targetDir = path.resolve(secureBaseDir, directory);
238
245
  // Double-check the resolved path is still within the secure base directory
239
- if (!targetDir.startsWith(secureBaseDir + path.sep) && targetDir !== secureBaseDir) {
246
+ // Allow dependency paths to bypass this restriction
247
+ if (!isDependencyPath && !targetDir.startsWith(secureBaseDir + path.sep) && targetDir !== secureBaseDir) {
240
248
  throw new Error(`Path traversal attempt detected. Access denied: ${directory}`);
241
249
  }
242
250
  }
@@ -323,19 +331,27 @@ export const searchFilesTool = {
323
331
  const baseCwd = workingDirectory || process.cwd();
324
332
  const secureBaseDir = path.resolve(baseCwd);
325
333
 
334
+ // Check if this is a dependency path that should bypass workspace restrictions
335
+ const isDependencyPath = directory.startsWith('/dep/') ||
336
+ directory.startsWith('go:') ||
337
+ directory.startsWith('js:') ||
338
+ directory.startsWith('rust:');
339
+
326
340
  // If directory is absolute, check if it's within the secure base directory
327
341
  // If it's relative, resolve it against the secure base directory
328
342
  let targetDir;
329
343
  if (path.isAbsolute(directory)) {
330
344
  targetDir = path.resolve(directory);
331
345
  // Check if the absolute path is within the secure base directory
332
- if (!targetDir.startsWith(secureBaseDir + path.sep) && targetDir !== secureBaseDir) {
346
+ // Allow dependency paths to bypass this restriction
347
+ if (!isDependencyPath && !targetDir.startsWith(secureBaseDir + path.sep) && targetDir !== secureBaseDir) {
333
348
  throw new Error(`Path traversal attempt detected. Cannot access directory outside workspace: ${directory}`);
334
349
  }
335
350
  } else {
336
351
  targetDir = path.resolve(secureBaseDir, directory);
337
352
  // Double-check the resolved path is still within the secure base directory
338
- if (!targetDir.startsWith(secureBaseDir + path.sep) && targetDir !== secureBaseDir) {
353
+ // Allow dependency paths to bypass this restriction
354
+ if (!isDependencyPath && !targetDir.startsWith(secureBaseDir + path.sep) && targetDir !== secureBaseDir) {
339
355
  throw new Error(`Path traversal attempt detected. Access denied: ${directory}`);
340
356
  }
341
357
  }