refactor(security): share safe temp media path builder (#20810)

Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 7a088e6801 Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky
2026-05-08 00:11:23 +00:00 · 2026-02-19 09:59:21 +00:00
parent ee1d6427b5
commit a7c0aa94d9
6 changed files with 78 additions and 13 deletions
--- a/src/plugin-sdk/temp-path.test.ts
+++ b/src/plugin-sdk/temp-path.test.ts
@@ -0,0 +1,32 @@
+import os from "node:os";
+import path from "node:path";
+import { describe, expect, it } from "vitest";
+import { buildRandomTempFilePath } from "./temp-path.js";
+
+describe("buildRandomTempFilePath", () => {
+  it("builds deterministic paths when now/uuid are provided", () => {
+    const result = buildRandomTempFilePath({
+      prefix: "line-media",
+      extension: ".jpg",
+      tmpDir: "/tmp",
+      now: 123,
+      uuid: "abc",
+    });
+    expect(result).toBe(path.join("/tmp", "line-media-123-abc.jpg"));
+  });
+
+  it("sanitizes prefix and extension to avoid path traversal segments", () => {
+    const result = buildRandomTempFilePath({
+      prefix: "../../line/../media",
+      extension: "/../.jpg",
+      now: 123,
+      uuid: "abc",
+    });
+    const tmpRoot = path.resolve(os.tmpdir());
+    const resolved = path.resolve(result);
+    const rel = path.relative(tmpRoot, resolved);
+    expect(rel === ".." || rel.startsWith(`..${path.sep}`)).toBe(false);
+    expect(path.basename(result)).toBe("line-media-123-abc.jpg");
+    expect(result).not.toContain("..");
+  });
+});