@probelabs/probe 0.6.0-rc124 → 0.6.0-rc125
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/agent/index.js +6 -4
- package/build/agent/probeTool.js +20 -4
- package/cjs/agent/ProbeAgent.cjs +3816 -4283
- package/cjs/index.cjs +3818 -4285
- package/package.json +1 -1
- package/src/agent/probeTool.js +20 -4
package/package.json
CHANGED
package/src/agent/probeTool.js
CHANGED
|
@@ -224,19 +224,27 @@ export const listFilesTool = {
|
|
|
224
224
|
// Security: Validate path to prevent traversal attacks
|
|
225
225
|
const secureBaseDir = path.resolve(baseCwd);
|
|
226
226
|
|
|
227
|
+
// Check if this is a dependency path that should bypass workspace restrictions
|
|
228
|
+
const isDependencyPath = directory.startsWith('/dep/') ||
|
|
229
|
+
directory.startsWith('go:') ||
|
|
230
|
+
directory.startsWith('js:') ||
|
|
231
|
+
directory.startsWith('rust:');
|
|
232
|
+
|
|
227
233
|
// If directory is absolute, check if it's within the secure base directory
|
|
228
234
|
// If it's relative, resolve it against the secure base directory
|
|
229
235
|
let targetDir;
|
|
230
236
|
if (path.isAbsolute(directory)) {
|
|
231
237
|
targetDir = path.resolve(directory);
|
|
232
238
|
// Check if the absolute path is within the secure base directory
|
|
233
|
-
|
|
239
|
+
// Allow dependency paths to bypass this restriction
|
|
240
|
+
if (!isDependencyPath && !targetDir.startsWith(secureBaseDir + path.sep) && targetDir !== secureBaseDir) {
|
|
234
241
|
throw new Error(`Path traversal attempt detected. Cannot access directory outside workspace: ${directory}`);
|
|
235
242
|
}
|
|
236
243
|
} else {
|
|
237
244
|
targetDir = path.resolve(secureBaseDir, directory);
|
|
238
245
|
// Double-check the resolved path is still within the secure base directory
|
|
239
|
-
|
|
246
|
+
// Allow dependency paths to bypass this restriction
|
|
247
|
+
if (!isDependencyPath && !targetDir.startsWith(secureBaseDir + path.sep) && targetDir !== secureBaseDir) {
|
|
240
248
|
throw new Error(`Path traversal attempt detected. Access denied: ${directory}`);
|
|
241
249
|
}
|
|
242
250
|
}
|
|
@@ -323,19 +331,27 @@ export const searchFilesTool = {
|
|
|
323
331
|
const baseCwd = workingDirectory || process.cwd();
|
|
324
332
|
const secureBaseDir = path.resolve(baseCwd);
|
|
325
333
|
|
|
334
|
+
// Check if this is a dependency path that should bypass workspace restrictions
|
|
335
|
+
const isDependencyPath = directory.startsWith('/dep/') ||
|
|
336
|
+
directory.startsWith('go:') ||
|
|
337
|
+
directory.startsWith('js:') ||
|
|
338
|
+
directory.startsWith('rust:');
|
|
339
|
+
|
|
326
340
|
// If directory is absolute, check if it's within the secure base directory
|
|
327
341
|
// If it's relative, resolve it against the secure base directory
|
|
328
342
|
let targetDir;
|
|
329
343
|
if (path.isAbsolute(directory)) {
|
|
330
344
|
targetDir = path.resolve(directory);
|
|
331
345
|
// Check if the absolute path is within the secure base directory
|
|
332
|
-
|
|
346
|
+
// Allow dependency paths to bypass this restriction
|
|
347
|
+
if (!isDependencyPath && !targetDir.startsWith(secureBaseDir + path.sep) && targetDir !== secureBaseDir) {
|
|
333
348
|
throw new Error(`Path traversal attempt detected. Cannot access directory outside workspace: ${directory}`);
|
|
334
349
|
}
|
|
335
350
|
} else {
|
|
336
351
|
targetDir = path.resolve(secureBaseDir, directory);
|
|
337
352
|
// Double-check the resolved path is still within the secure base directory
|
|
338
|
-
|
|
353
|
+
// Allow dependency paths to bypass this restriction
|
|
354
|
+
if (!isDependencyPath && !targetDir.startsWith(secureBaseDir + path.sep) && targetDir !== secureBaseDir) {
|
|
339
355
|
throw new Error(`Path traversal attempt detected. Access denied: ${directory}`);
|
|
340
356
|
}
|
|
341
357
|
}
|