这是indexloc提供的服务,不要输入任何密码
Skip to content

Employ strict validations on document pathing #627

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jan 19, 2024
Merged

Employ strict validations on document pathing #627

merged 3 commits into from
Jan 19, 2024

Conversation

@timothycarambat
Copy link
Member

@timothycarambat timothycarambat commented Jan 19, 2024

Enforce more strict validations on document tree modification endpoints that can accept a user input.

@review-agent-prime
Copy link

review-agent-prime bot commented Jan 19, 2024

server/utils/files/index.js

Consider adding comments to the newly introduced isWithin function to explain its purpose and how it works. This will improve the readability of the code and make it easier for other developers to understand.
Create Issue
See the diff
Checkout the fix

    /**
     * Checks if a given path is within another path.
     * @param {string} outer - The outer path.
     * @param {string} inner - The inner path.
     * @returns {boolean} - Returns true if the inner path is within the outer path, false otherwise.
     */
    function isWithin(outer, inner) {
      if (outer === inner) return false;
      const rel = path.relative(outer, inner);
      return !rel.startsWith("../") && rel !== "..";
    }
git fetch origin && git checkout -b ReviewBot/The-c-7tse65b origin/ReviewBot/The-c-7tse65b

Consider adding error handling to the isWithin function to handle cases where the provided paths are not valid. This will improve the robustness of the code and make it more resilient to unexpected inputs.
Create Issue
See the diff
Checkout the fix

    function isWithin(outer, inner) {
      try {
        if (outer === inner) return false;
        const rel = path.relative(outer, inner);
        return !rel.startsWith("../") && rel !== "..";
      } catch (error) {
        console.error(`Error checking if path ${inner} is within path ${outer}: ${error}`);
        return false;
      }
    }
git fetch origin && git checkout -b ReviewBot/The-c-tc5dser origin/ReviewBot/The-c-tc5dser

review-agent-prime[bot]
review-agent-prime bot reviewed Jan 19, 2024
View reviewed changes
review-agent-prime[bot]
review-agent-prime bot reviewed Jan 19, 2024
View reviewed changes
@timothycarambat timothycarambat merged commit 8a7324d into master Jan 19, 2024
@timothycarambat timothycarambat deleted the strict-check-doc-folder-commands branch January 19, 2024 20:56
cabwds pushed a commit to cabwds/anything-llm that referenced this pull request Jul 3, 2025
@timothycarambat
Employ strict validations on document pathing (Mintplex-Labs#627)
f4b9bf4 
* Employ strict validations on document pathing

* add comment

* update validSubfolder var
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@review-agent-prime review-agent-prime[bot] review-agent-prime[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@timothycarambat