cdk-insights 1.37.1 → 1.37.3

package/dist/cli/commands/fix.d.ts

@@ -5,5 +5,39 @@ interface FixCommandArgs {
     apply?: boolean;
     all?: boolean;
 }
+export type SafePathResult = {
+    ok: true;
+    absolutePath: string;
+} | {
+    ok: false;
+    reason: string;
+};
+/**
+ * Reject paths that would let a malicious CDK construct or manifest divert
+ * fix's write to somewhere outside the user's project. `filePath` originates
+ * from `sourceLocation.filePath` on a finding — that field comes from
+ * CDK manifest traces or cdk-insights aspect metadata, both of which a
+ * hostile construct can populate. We require:
+ *
+ *   - after `path.resolve`, the path stays inside `projectRoot`
+ *   - the target is NOT a symlink (so a planted `lib/Stack.ts -> ~/.zshrc`
+ *     in an upstream project can't trick a downstream contributor's
+ *     `fix --apply` into overwriting their dotfiles)
+ *
+ * The follow-up atomic-rename pattern is what actually replaces the file
+ * safely; this check makes the refusal explicit and surfaces a clear error
+ * outcome to the user rather than silently turning a symlink into a regular
+ * file.
+ */
+export declare const resolveSafeWritePath: (filePath: string, projectRoot: string) => SafePathResult;
+/**
+ * Replace the file at `target` with `content` atomically: write to a
+ * sibling temp file then rename. POSIX rename(2) replaces the target
+ * inode atomically, which means a half-written file is never observable
+ * and — as a side effect — a symlink at `target` gets replaced rather
+ * than followed. The temp name is randomised so two concurrent fix
+ * invocations don't collide on the same path.
+ */
+export declare const atomicWriteFile: (target: string, content: string) => void;
 export declare const fixCommand: CommandModule<Record<string, unknown>, FixCommandArgs>;
 export {};

package/dist/cli/commands/fix.test.d.ts

@@ -0,0 +1 @@
+export {};