piral-cli 1.5.3-beta.6977 → 1.5.3-beta.6983
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/external/index.js +15 -4
- package/package.json +2 -2
package/lib/external/index.js
CHANGED
|
@@ -48891,6 +48891,7 @@ var require_unpack = __commonJS({
|
|
|
48891
48891
|
var getFlag = require_get_write_flag();
|
|
48892
48892
|
var platform = process.env.TESTING_TAR_FAKE_PLATFORM || process.platform;
|
|
48893
48893
|
var isWindows = platform === "win32";
|
|
48894
|
+
var DEFAULT_MAX_DEPTH = 1024;
|
|
48894
48895
|
var unlinkFile = (path2, cb) => {
|
|
48895
48896
|
if (!isWindows) {
|
|
48896
48897
|
return fs2.unlink(path2, cb);
|
|
@@ -48967,6 +48968,7 @@ var require_unpack = __commonJS({
|
|
|
48967
48968
|
}
|
|
48968
48969
|
this.processUid = (this.preserveOwner || this.setOwner) && process.getuid ? process.getuid() : null;
|
|
48969
48970
|
this.processGid = (this.preserveOwner || this.setOwner) && process.getgid ? process.getgid() : null;
|
|
48971
|
+
this.maxDepth = typeof opt.maxDepth === "number" ? opt.maxDepth : DEFAULT_MAX_DEPTH;
|
|
48970
48972
|
this.forceChown = opt.forceChown === true;
|
|
48971
48973
|
this.win32 = !!opt.win32 || isWindows;
|
|
48972
48974
|
this.newer = !!opt.newer;
|
|
@@ -48996,12 +48998,12 @@ var require_unpack = __commonJS({
|
|
|
48996
48998
|
}
|
|
48997
48999
|
}
|
|
48998
49000
|
[CHECKPATH](entry) {
|
|
49001
|
+
const p = normPath(entry.path);
|
|
49002
|
+
const parts = p.split("/");
|
|
48999
49003
|
if (this.strip) {
|
|
49000
|
-
const parts = normPath(entry.path).split("/");
|
|
49001
49004
|
if (parts.length < this.strip) {
|
|
49002
49005
|
return false;
|
|
49003
49006
|
}
|
|
49004
|
-
entry.path = parts.slice(this.strip).join("/");
|
|
49005
49007
|
if (entry.type === "Link") {
|
|
49006
49008
|
const linkparts = normPath(entry.linkpath).split("/");
|
|
49007
49009
|
if (linkparts.length >= this.strip) {
|
|
@@ -49010,10 +49012,19 @@ var require_unpack = __commonJS({
|
|
|
49010
49012
|
return false;
|
|
49011
49013
|
}
|
|
49012
49014
|
}
|
|
49015
|
+
parts.splice(0, this.strip);
|
|
49016
|
+
entry.path = parts.join("/");
|
|
49017
|
+
}
|
|
49018
|
+
if (isFinite(this.maxDepth) && parts.length > this.maxDepth) {
|
|
49019
|
+
this.warn("TAR_ENTRY_ERROR", "path excessively deep", {
|
|
49020
|
+
entry,
|
|
49021
|
+
path: p,
|
|
49022
|
+
depth: parts.length,
|
|
49023
|
+
maxDepth: this.maxDepth
|
|
49024
|
+
});
|
|
49025
|
+
return false;
|
|
49013
49026
|
}
|
|
49014
49027
|
if (!this.preservePaths) {
|
|
49015
|
-
const p = normPath(entry.path);
|
|
49016
|
-
const parts = p.split("/");
|
|
49017
49028
|
if (parts.includes("..") || isWindows && /^[a-z]:\.\.$/i.test(parts[0])) {
|
|
49018
49029
|
this.warn("TAR_ENTRY_ERROR", `path contains '..'`, {
|
|
49019
49030
|
entry,
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "piral-cli",
|
|
3
|
-
"version": "1.5.3-beta.
|
|
3
|
+
"version": "1.5.3-beta.6983",
|
|
4
4
|
"description": "The standard CLI for creating and building a Piral instance or a Pilet.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"portal",
|
|
@@ -81,5 +81,5 @@
|
|
|
81
81
|
"typescript": "^5.0.0",
|
|
82
82
|
"yargs": "^15.0.0"
|
|
83
83
|
},
|
|
84
|
-
"gitHead": "
|
|
84
|
+
"gitHead": "bc34c72c2789c34573a6bbaf5082cd235b54495d"
|
|
85
85
|
}
|