Skip to content

fix(core): prevent workspace deletion in cleanOutput method (Fixes #57)#60

Merged
michaelbe812 merged 2 commits into
mainfrom
fix/issue-57-vulnerability
Sep 11, 2025
Merged

fix(core): prevent workspace deletion in cleanOutput method (Fixes #57)#60
michaelbe812 merged 2 commits into
mainfrom
fix/issue-57-vulnerability

Conversation

@michaelbe812

Copy link
Copy Markdown
Contributor

Summary

Fixes a critical security vulnerability in the BaseGenerator.cleanOutput() method that could cause catastrophic data loss.

The Problem

  • The cleanOutput() method would delete the entire workspace root directory when given an empty relOutputPath
  • join(ctx.root, '') returns just ctx.root, causing rmSync to delete everything in the workspace
  • This vulnerability was demonstrated in the test suite (line 119-128 in base-generator.spec.ts)

The Solution

  • Added input validation to prevent dangerous path values:
    • Empty strings ('')
    • Whitespace-only strings (' ')
    • Root directory paths ('/')
    • Current directory paths ('.')
  • Throws a descriptive error: 'Cannot clean empty or root output path for safety reasons'
  • Updated comprehensive test suite to verify security validation works correctly

Changes Made

  1. packages/core/src/lib/base-generator.ts: Added safety validation guard clauses
  2. packages/core/src/lib/base-generator.spec.ts:
    • Replaced dangerous test expecting empty path to work
    • Added comprehensive tests for security validation
    • Added tests for whitespace, root, and current directory paths

Test Coverage

  • All 74 core package tests pass
  • All 32 plugin-openapi package tests pass
  • New tests verify errors are thrown for dangerous paths
  • Existing functionality remains intact for valid paths

Risk Assessment

  • Before: High risk of workspace deletion with empty paths
  • After: Safe operation with clear error messages for invalid paths
  • Regression: No functional changes to valid use cases

Closes #57

🤖 Generated with Claude Code

Co-Authored-By: Claude noreply@anthropic.com

Mac Mini added 2 commits September 11, 2025 16:17
Prevent cleanOutput from deleting workspace root when given empty or
dangerous paths. This fixes a critical security vulnerability where
empty relOutputPath would cause deletion of the entire workspace.

- Add validation for empty, whitespace-only, root ('/') and current ('.') paths
- Throw descriptive error for unsafe paths
- Resolves security issue in base-generator

Refs #57
Replace dangerous tests that expected unsafe paths to work with
comprehensive tests that verify security validation throws errors:

- Replace empty path test with error expectation test
- Add tests for whitespace-only, root, and current directory paths
- Replace root directory test with valid nested path test
- Ensure rmSync is not called when validation fails

These tests verify the security fix prevents workspace deletion.

Refs #57
@michaelbe812 michaelbe812 merged commit 466906f into main Sep 11, 2025
1 of 2 checks passed
@michaelbe812 michaelbe812 deleted the fix/issue-57-vulnerability branch September 11, 2025 14:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Fix vulnerability

1 participant