refactor(security): share safe temp media path builder (#20810)

Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 7a088e6801 Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky
2026-05-08 21:18:28 +00:00 · 2026-02-19 09:59:21 +00:00
parent ee1d6427b5
commit a7c0aa94d9
6 changed files with 78 additions and 13 deletions
--- a/src/plugin-sdk/temp-path.ts
+++ b/src/plugin-sdk/temp-path.ts
@@ -0,0 +1,39 @@
+import crypto from "node:crypto";
+import os from "node:os";
+import path from "node:path";
+
+function sanitizePrefix(prefix: string): string {
+  const normalized = prefix.replace(/[^a-zA-Z0-9_-]+/g, "-").replace(/^-+|-+$/g, "");
+  return normalized || "tmp";
+}
+
+function sanitizeExtension(extension?: string): string {
+  if (!extension) {
+    return "";
+  }
+  const normalized = extension.startsWith(".") ? extension : `.${extension}`;
+  const suffix = normalized.match(/[a-zA-Z0-9._-]+$/)?.[0] ?? "";
+  const token = suffix.replace(/^[._-]+/, "");
+  if (!token) {
+    return "";
+  }
+  return `.${token}`;
+}
+
+export function buildRandomTempFilePath(params: {
+  prefix: string;
+  extension?: string;
+  tmpDir?: string;
+  now?: number;
+  uuid?: string;
+}): string {
+  const prefix = sanitizePrefix(params.prefix);
+  const extension = sanitizeExtension(params.extension);
+  const nowCandidate = params.now;
+  const now =
+    typeof nowCandidate === "number" && Number.isFinite(nowCandidate)
+      ? Math.trunc(nowCandidate)
+      : Date.now();
+  const uuid = params.uuid?.trim() || crypto.randomUUID();
+  return path.join(params.tmpDir ?? os.tmpdir(), `${prefix}-${now}-${uuid}${extension}`);
+}