@topogram/cli 0.3.85 → 0.3.87

package/src/topogram-config.js

@@ -83,6 +83,11 @@ export const DEFAULT_TOPOGRAM_CONFIG = {
     consumers: DEFAULT_RELEASE_CONSUMER_REPOS,
     workflows: DEFAULT_RELEASE_CONSUMER_WORKFLOWS,
     workflowJobs: DEFAULT_RELEASE_CONSUMER_WORKFLOW_JOBS
+  },
+  limits: {
+    remoteFetchMaxBytes: 5 * 1024 * 1024,
+    catalogFetchMaxBytes: null,
+    githubFetchMaxBytes: null
   }
 };
 
@@ -93,6 +98,7 @@ export const DEFAULT_CATALOG_SOURCE = `https://raw.githubusercontent.com/${DEFAU
  * @property {{ owner: string, repo: string }} github
  * @property {{ owner: string, repo: string, ref: string, path: string, source: string|null }} catalog
  * @property {{ consumers: string[], workflows: Record<string, string>, workflowJobs: Record<string, string[]> }} release
+ * @property {{ remoteFetchMaxBytes: number, catalogFetchMaxBytes: number|null, githubFetchMaxBytes: number|null }} limits
  */
 
 /**
@@ -154,6 +160,18 @@ function parseJsonEnv(value) {
   return JSON.parse(value);
 }
 
+/**
+ * @param {string|null|undefined} value
+ * @returns {number|null}
+ */
+function parsePositiveIntegerEnv(value) {
+  if (!value) {
+    return null;
+  }
+  const parsed = Number.parseInt(String(value), 10);
+  return Number.isFinite(parsed) && parsed > 0 ? parsed : null;
+}
+
 /**
  * @param {Record<string, any>} fileConfig
  * @returns {Record<string, any>}
@@ -178,6 +196,11 @@ function envConfig(fileConfig = {}) {
       consumers: consumers || fileConfig.release?.consumers,
       workflows: workflows || fileConfig.release?.workflows,
       workflowJobs: workflowJobs || fileConfig.release?.workflowJobs
+    },
+    limits: {
+      remoteFetchMaxBytes: parsePositiveIntegerEnv(process.env.TOPOGRAM_REMOTE_FETCH_MAX_BYTES) || fileConfig.limits?.remoteFetchMaxBytes,
+      catalogFetchMaxBytes: parsePositiveIntegerEnv(process.env.TOPOGRAM_CATALOG_FETCH_MAX_BYTES) || fileConfig.limits?.catalogFetchMaxBytes,
+      githubFetchMaxBytes: parsePositiveIntegerEnv(process.env.TOPOGRAM_GITHUB_FETCH_MAX_BYTES) || fileConfig.limits?.githubFetchMaxBytes
     }
   };
 }
@@ -235,6 +258,16 @@ function normalizeStringListMap(value, fallback) {
   return output;
 }
 
+/**
+ * @param {unknown} value
+ * @param {number|null} fallback
+ * @returns {number|null}
+ */
+function normalizePositiveInteger(value, fallback) {
+  const parsed = Number.parseInt(String(value || ""), 10);
+  return Number.isFinite(parsed) && parsed > 0 ? parsed : fallback;
+}
+
 /**
  * @param {string} cwd
  * @returns {TopogramRuntimeConfig}
@@ -258,6 +291,20 @@ export function topogramRuntimeConfig(cwd = process.cwd()) {
       consumers: normalizeStringList(overrides.release.consumers, DEFAULT_TOPOGRAM_CONFIG.release.consumers),
       workflows: normalizeStringMap(overrides.release.workflows, DEFAULT_TOPOGRAM_CONFIG.release.workflows),
       workflowJobs: normalizeStringListMap(overrides.release.workflowJobs, DEFAULT_TOPOGRAM_CONFIG.release.workflowJobs)
+    },
+    limits: {
+      remoteFetchMaxBytes: normalizePositiveInteger(
+        overrides.limits.remoteFetchMaxBytes,
+        DEFAULT_TOPOGRAM_CONFIG.limits.remoteFetchMaxBytes
+      ) || DEFAULT_TOPOGRAM_CONFIG.limits.remoteFetchMaxBytes,
+      catalogFetchMaxBytes: normalizePositiveInteger(
+        overrides.limits.catalogFetchMaxBytes,
+        DEFAULT_TOPOGRAM_CONFIG.limits.catalogFetchMaxBytes
+      ),
+      githubFetchMaxBytes: normalizePositiveInteger(
+        overrides.limits.githubFetchMaxBytes,
+        DEFAULT_TOPOGRAM_CONFIG.limits.githubFetchMaxBytes
+      )
     }
   };
 }

package/src/workflows/reconcile/adoption-plan/outputs.js

@@ -12,6 +12,27 @@ import { readJsonIfExists, readTextIfExists } from "../../shared.js";
 import { canonicalRelativePathForItem } from "./paths.js";
 import { applyProjectionAuthPatchToTopogram } from "./projection-patches.js";
 
+/** @param {string} rootDir @param {string} relativePath @param {string} fieldName @returns {{ absolutePath: string, relativePath: string }} */
+function resolveContainedTopoPath(rootDir, relativePath, fieldName) {
+  const rawPath = String(relativePath || "").replaceAll("\\", "/");
+  if (!rawPath.trim()) {
+    throw new Error(`Adoption plan ${fieldName} must be a non-empty relative path.`);
+  }
+  if (rawPath.includes("\0") || path.isAbsolute(rawPath) || /^[A-Za-z]:\//.test(rawPath)) {
+    throw new Error(`Adoption plan ${fieldName} must be relative to the topo workspace: ${relativePath}`);
+  }
+  const absoluteRoot = path.resolve(rootDir);
+  const absolutePath = path.resolve(absoluteRoot, rawPath);
+  const relativeToRoot = path.relative(absoluteRoot, absolutePath);
+  if (!relativeToRoot || relativeToRoot.startsWith("..") || path.isAbsolute(relativeToRoot)) {
+    throw new Error(`Adoption plan ${fieldName} escapes the topo workspace: ${relativePath}`);
+  }
+  return {
+    absolutePath,
+    relativePath: relativeToRoot.replaceAll(path.sep, "/")
+  };
+}
+
 /** @param {WorkspacePaths} paths @returns {any} */
 export function readAdoptionPlan(paths) {
   return readJsonIfExists(path.join(paths.topogramRoot, "candidates", "reconcile", "adoption-plan.json"));
@@ -55,11 +76,15 @@ export function buildCanonicalAdoptionOutputs(paths, candidateFiles, planItems,
     if (item.suggested_action === "skip_duplicate_shape") {
       continue;
     }
-    const relativeCanonicalPath = item.canonical_rel_path || canonicalRelativePathForItem(item.kind, item.item);
-    if (!relativeCanonicalPath) {
+    const rawRelativeCanonicalPath = item.canonical_rel_path || canonicalRelativePathForItem(item.kind, item.item);
+    if (!rawRelativeCanonicalPath) {
       continue;
     }
-    const canonicalPath = path.join(paths.topogramRoot, relativeCanonicalPath);
+    const { absolutePath: canonicalPath, relativePath: relativeCanonicalPath } = resolveContainedTopoPath(
+      paths.topogramRoot,
+      rawRelativeCanonicalPath,
+      "canonical_rel_path"
+    );
     if (item.suggested_action === "apply_doc_link_patch") {
       const baseContents = files[relativeCanonicalPath] || (fs.existsSync(canonicalPath) ? fs.readFileSync(canonicalPath, "utf8") : null);
       if (!baseContents) {
@@ -113,7 +138,9 @@ export function buildCanonicalAdoptionOutputs(paths, candidateFiles, planItems,
     }
     const candidateContents =
       candidateFiles[item.source_path] ||
-      (item.source_path ? readTextIfExists(path.join(paths.topogramRoot, item.source_path)) : null);
+      (item.source_path
+        ? readTextIfExists(resolveContainedTopoPath(paths.topogramRoot, item.source_path, "source_path").absolutePath)
+        : null);
     if (!candidateContents) {
       continue;
     }

package/src/workflows/shared.js

@@ -79,15 +79,36 @@ export function listFilesRecursive(rootDir, predicate = () => true, options = {}
     return [];
   }
   const ignoredDirs = options.ignoredDirs || DEFAULT_IGNORED_DIRS;
+  let rootRealPath;
+  try {
+    rootRealPath = fs.realpathSync(rootDir);
+  } catch {
+    return [];
+  }
+  const visitedDirs = new Set([rootRealPath]);
   /** @type {any[]} */
   const files = [];
   const walk = (/** @type {any} */ currentDir) => {
     for (const entry of fs.readdirSync(currentDir, { withFileTypes: true })) {
       const childPath = path.join(currentDir, entry.name);
+      if (entry.isSymbolicLink()) {
+        continue;
+      }
       if (entry.isDirectory()) {
         if (ignoredDirs.has(entry.name)) {
           continue;
         }
+        let childRealPath;
+        try {
+          childRealPath = fs.realpathSync(childPath);
+        } catch {
+          continue;
+        }
+        const relativeToRoot = path.relative(rootRealPath, childRealPath);
+        if (relativeToRoot.startsWith("..") || path.isAbsolute(relativeToRoot) || visitedDirs.has(childRealPath)) {
+          continue;
+        }
+        visitedDirs.add(childRealPath);
         walk(childPath);
         continue;
       }