github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 11:41:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(security): centralize path guard helpers

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-21 19:54:19 +01:00
parent 6ffca36284
commit ed960ba4eb
5 changed files with 178 additions and 102 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/infra/archive.test.ts
View File

@@ -4,6 +4,7 @@ import path from "node:path";
import JSZip from "jszip";
import * as tar from "tar";
import { afterAll, beforeAll, describe, expect, it } from "vitest";
import type { ArchiveSecurityError } from "./archive.js";
import { extractArchive, resolveArchiveKind, resolvePackedRootDir } from "./archive.js";
let fixtureRoot = "";
@@ -95,7 +96,9 @@ describe("archive utils", () => {
await expect(
extractArchive({ archivePath, destDir: extractDir, timeoutMs: 5_000 }),
).rejects.toThrow(/symlink/i);
).rejects.toMatchObject({
code: "destination-symlink-traversal",
} satisfies Partial<ArchiveSecurityError>);
const outsideFile = path.join(outsideDir, "pwn.txt");
const outsideExists = await fs