depwire-cli 0.9.23 → 0.9.24
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -445,6 +445,16 @@ async function connectToRepo(source, subdirectory, state) {
|
|
|
445
445
|
}
|
|
446
446
|
}
|
|
447
447
|
projectRoot = subdirectory ? join3(cloneDir, subdirectory) : cloneDir;
|
|
448
|
+
if (subdirectory) {
|
|
449
|
+
const resolvedRoot = resolve(cloneDir);
|
|
450
|
+
const resolvedProject = resolve(projectRoot);
|
|
451
|
+
if (!resolvedProject.startsWith(resolvedRoot + "/") && resolvedProject !== resolvedRoot) {
|
|
452
|
+
return {
|
|
453
|
+
error: "Access denied",
|
|
454
|
+
message: "Subdirectory must be within the project root"
|
|
455
|
+
};
|
|
456
|
+
}
|
|
457
|
+
}
|
|
448
458
|
} else {
|
|
449
459
|
const validation2 = validateProjectPath(source);
|
|
450
460
|
if (!validation2.valid) {
|
|
@@ -460,6 +470,16 @@ async function connectToRepo(source, subdirectory, state) {
|
|
|
460
470
|
};
|
|
461
471
|
}
|
|
462
472
|
projectRoot = subdirectory ? join3(source, subdirectory) : source;
|
|
473
|
+
if (subdirectory) {
|
|
474
|
+
const resolvedRoot = resolve(source);
|
|
475
|
+
const resolvedProject = resolve(projectRoot);
|
|
476
|
+
if (!resolvedProject.startsWith(resolvedRoot + "/") && resolvedProject !== resolvedRoot) {
|
|
477
|
+
return {
|
|
478
|
+
error: "Access denied",
|
|
479
|
+
message: "Subdirectory must be within the project root"
|
|
480
|
+
};
|
|
481
|
+
}
|
|
482
|
+
}
|
|
463
483
|
projectName = basename2(projectRoot);
|
|
464
484
|
}
|
|
465
485
|
const validation = validateProjectPath(projectRoot);
|
package/dist/index.js
CHANGED
package/dist/mcpb-entry.js
CHANGED