npm - intention-coding - Versions diffs - 0.0.8 → 0.0.9 - Mend

intention-coding 0.0.8 → 0.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/index.cjs CHANGED Viewed

@@ -4090,6 +4090,27 @@ function removeImagesFromMarkdown(content) {
     cleaned = cleaned.replace(/\n{3,}/g, '\n\n');
     return cleaned.trim();
 }
+async function validateAndResolvePath(filePath) {
+    if ('win32' === process.platform && filePath.startsWith('\\\\')) filePath = '\\\\?\\UNC\\' + filePath.substring(2);
+    const normalized = external_path_default().normalize(filePath);
+    const resolved = external_path_default().resolve(normalized);
+    const cwd = process.cwd();
+    if (!resolved.startsWith(cwd)) {
+        logger_logger.warn(`\u{6587}\u{4EF6}\u{8BBF}\u{95EE}\u{8D85}\u{51FA}\u{5DE5}\u{4F5C}\u{76EE}\u{5F55}: ${filePath}`);
+        throw new Error(`\u{6587}\u{4EF6}\u{8BBF}\u{95EE}\u{8D85}\u{51FA}\u{5DE5}\u{4F5C}\u{76EE}\u{5F55}: ${filePath}`);
+    }
+    if (!resolved.toLowerCase().endsWith('.docx')) {
+        logger_logger.warn(`\u{4EC5}\u{652F}\u{6301}.docx\u{683C}\u{5F0F}\u{6587}\u{4EF6}: ${filePath}`);
+        throw new Error(`\u{4EC5}\u{652F}\u{6301}.docx\u{683C}\u{5F0F}\u{6587}\u{4EF6}: ${filePath}`);
+    }
+    try {
+        await external_fs_namespaceObject.promises.access(resolved, external_fs_namespaceObject.promises.constants.R_OK);
+    } catch (error) {
+        logger_logger.warn(`\u{6587}\u{4EF6}\u{4E0D}\u{5B58}\u{5728}\u{6216}\u{4E0D}\u{53EF}\u{8BFB}: ${resolved}`, error);
+        throw new Error(`\u{6587}\u{4EF6}\u{4E0D}\u{5B58}\u{5728}\u{6216}\u{4E0D}\u{53EF}\u{8BFB}: ${resolved}`);
+    }
+    return resolved;
+}
 const promises_namespaceObject = require("fs/promises");
 var promises_default = /*#__PURE__*/ __webpack_require__.n(promises_namespaceObject);
 const requirementClarifier = {
@@ -4829,9 +4850,8 @@ const word2mdTool = {
         const { file_path } = args;
         try {
             if (!word2md_validateFilePath(file_path)) throw new Error(`\u{6587}\u{4EF6}\u{8DEF}\u{5F84}\u{65E0}\u{6548}: ${file_path}`);
-            const stats = await promises_namespaceObject.stat(file_path);
-            if (stats.size > 104857600) throw new Error(`\u{6587}\u{4EF6}\u{8D85}\u{8FC7}10MB\u{9650}\u{5236}\u{FF0C}\u{5F53}\u{524D}\u{5927}\u{5C0F}: ${stats.size}\u{5B57}\u{8282}`);
-            const buffer = await promises_namespaceObject.readFile(file_path);
+            const resolvedPath = await validateAndResolvePath(file_path);
+            const buffer = await promises_namespaceObject.readFile(resolvedPath);
             const htmlResult = await external_mammoth_namespaceObject.convertToHtml({
                 buffer
             });

package/dist/index.js CHANGED Viewed

@@ -2,9 +2,9 @@
 import { FastMCP } from "fastmcp";
 import winston from "winston";
 import winston_daily_rotate_file from "winston-daily-rotate-file";
-import fs_0, { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+import fs_0, { existsSync, mkdirSync, promises, readFileSync, writeFileSync } from "fs";
 import path_0, { join } from "path";
-import promises, { mkdir, readFile, stat, writeFile } from "fs/promises";
+import fs_promises, { mkdir, readFile, writeFile } from "fs/promises";
 import { runCli as external_aico_pack_runCli } from "aico-pack";
 import { convertToHtml } from "mammoth";
 import html_to_md from "html-to-md";
@@ -4079,6 +4079,27 @@ function removeImagesFromMarkdown(content) {
     cleaned = cleaned.replace(/\n{3,}/g, '\n\n');
     return cleaned.trim();
 }
+async function validateAndResolvePath(filePath) {
+    if ('win32' === process.platform && filePath.startsWith('\\\\')) filePath = '\\\\?\\UNC\\' + filePath.substring(2);
+    const normalized = path_0.normalize(filePath);
+    const resolved = path_0.resolve(normalized);
+    const cwd = process.cwd();
+    if (!resolved.startsWith(cwd)) {
+        logger_logger.warn(`\u{6587}\u{4EF6}\u{8BBF}\u{95EE}\u{8D85}\u{51FA}\u{5DE5}\u{4F5C}\u{76EE}\u{5F55}: ${filePath}`);
+        throw new Error(`\u{6587}\u{4EF6}\u{8BBF}\u{95EE}\u{8D85}\u{51FA}\u{5DE5}\u{4F5C}\u{76EE}\u{5F55}: ${filePath}`);
+    }
+    if (!resolved.toLowerCase().endsWith('.docx')) {
+        logger_logger.warn(`\u{4EC5}\u{652F}\u{6301}.docx\u{683C}\u{5F0F}\u{6587}\u{4EF6}: ${filePath}`);
+        throw new Error(`\u{4EC5}\u{652F}\u{6301}.docx\u{683C}\u{5F0F}\u{6587}\u{4EF6}: ${filePath}`);
+    }
+    try {
+        await promises.access(resolved, promises.constants.R_OK);
+    } catch (error) {
+        logger_logger.warn(`\u{6587}\u{4EF6}\u{4E0D}\u{5B58}\u{5728}\u{6216}\u{4E0D}\u{53EF}\u{8BFB}: ${resolved}`, error);
+        throw new Error(`\u{6587}\u{4EF6}\u{4E0D}\u{5B58}\u{5728}\u{6216}\u{4E0D}\u{53EF}\u{8BFB}: ${resolved}`);
+    }
+    return resolved;
+}
 const requirementClarifier = {
     name: "requirement_clarifier",
     description: "\u9700\u6C42\u5DE5\u7A0B\u5E08 - \u5206\u6790\u7528\u6237\u9700\u6C42\u5B8C\u6574\u6027\uFF0C\u4E3B\u52A8\u53D1\u73B0\u4E0D\u660E\u786E\u7684\u5730\u65B9",
@@ -4096,7 +4117,7 @@ const requirementClarifier = {
             });
             let context = user_input;
             if (file_path) {
-                const markdownContent = await promises.readFile(file_path, 'utf8');
+                const markdownContent = await fs_promises.readFile(file_path, 'utf8');
                 context = removeImagesFromMarkdown(markdownContent);
             }
             const analysisContent = await getAiAnalysis(context);
@@ -4108,7 +4129,7 @@ const requirementClarifier = {
             });
             const fileName = sanitizeFileName(analysisContent.length > 10 ? analysisContent.substring(0, 10) : `analysis_${Date.now()}`);
             const mdDir = path_0.join(getStorageDir(), 'prd');
-            await promises.mkdir(mdDir, {
+            await fs_promises.mkdir(mdDir, {
                 recursive: true
             });
             const mdPath = path_0.join(mdDir, `${fileName}.md`);
@@ -4128,7 +4149,7 @@ const requirementClarifier = {
                         }))
                 });
             }
-            await promises.writeFile(mdPath, finalContent, 'utf8');
+            await fs_promises.writeFile(mdPath, finalContent, 'utf8');
             logger_logger.info({
                 module: 'requirement_clarifier',
                 message: "\u9700\u6C42\u5206\u6790\u6587\u4EF6\u5DF2\u4FDD\u5B58",
@@ -4199,7 +4220,7 @@ const saveSubAnalysisFiles = async (mainDir, contentArray)=>{
         const safeFileName = `${sanitizeFileName(title)}.md`;
         const filePath = path_0.join(mainDir, safeFileName);
         try {
-            await promises.writeFile(filePath, content, 'utf8');
+            await fs_promises.writeFile(filePath, content, 'utf8');
             subFiles.push({
                 title,
                 path: filePath
@@ -4471,7 +4492,7 @@ const requirementManagerTool = {
 };
 async function packProject() {
     const mdDir = path_0.join(getStorageDir(), 'tech');
-    await promises.mkdir(mdDir, {
+    await fs_promises.mkdir(mdDir, {
         recursive: true
     });
     logger_logger.info(`\u{1F4C2} \u{6B63}\u{5728}\u{5206}\u{6790}\u{5F53}\u{524D}\u{672C}\u{5730}\u{9879}\u{76EE}`);
@@ -4812,9 +4833,8 @@ const word2mdTool = {
         const { file_path } = args;
         try {
             if (!word2md_validateFilePath(file_path)) throw new Error(`\u{6587}\u{4EF6}\u{8DEF}\u{5F84}\u{65E0}\u{6548}: ${file_path}`);
-            const stats = await stat(file_path);
-            if (stats.size > 104857600) throw new Error(`\u{6587}\u{4EF6}\u{8D85}\u{8FC7}10MB\u{9650}\u{5236}\u{FF0C}\u{5F53}\u{524D}\u{5927}\u{5C0F}: ${stats.size}\u{5B57}\u{8282}`);
-            const buffer = await readFile(file_path);
+            const resolvedPath = await validateAndResolvePath(file_path);
+            const buffer = await readFile(resolvedPath);
             const htmlResult = await convertToHtml({
                 buffer
             });

package/dist/utils/common.d.ts CHANGED Viewed

@@ -10,3 +10,7 @@ export declare function removeImagesFromMarkdown(content: string): string;
  * 验证文件路径安全性
  */
 export declare function validateFilePath(filePath: string): boolean;
+/**
+ * 安全验证并标准化路径 (新增)
+ */
+export declare function validateAndResolvePath(filePath: string): Promise<string>;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "intention-coding",
-  "version": "0.0.8",
+  "version": "0.0.9",
   "description": "软件工程化的需求分析，功能设计，代码编写，测试运行和发布部署",
   "type": "module",
   "exports": {