Skip to content

Commit a8b968e

Browse files
nedaKaighobadinedaKaighobadi
committed
fix duplication
1 parent 2d8cef5 commit a8b968e

1 file changed

Lines changed: 3 additions & 27 deletions

File tree

src/cli/WinWSLCodacyCli.ts

Lines changed: 3 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,4 @@
11
import { MacCodacyCli } from './MacCodacyCli'
2-
import * as path from 'path'
3-
import Logger from '../common/logger'
42

53
export class WinWSLCodacyCli extends MacCodacyCli {
64
constructor(rootPath: string, provider?: string, organization?: string, repository?: string) {
@@ -39,32 +37,10 @@ export class WinWSLCodacyCli extends MacCodacyCli {
3937
// Convert WSL path to Windows format for validation
4038
const winFilePath = filePath.startsWith('/mnt/') ? WinWSLCodacyCli.fromWSLPath(filePath) : filePath
4139

42-
// Validate path security (in Windows format to match this.rootPath)
43-
// Reject null bytes (always a security risk)
44-
if (winFilePath.includes('\0')) {
45-
Logger.warn(`Path contains null byte: ${filePath}`)
46-
throw new Error(`Unsafe file path rejected: ${filePath}`)
40+
// Validate path security before escaping
41+
if (!this.isPathSafe(winFilePath)) {
42+
throw new Error(`Unsafe file path rejected: ${winFilePath}`)
4743
}
48-
49-
// Reject all control characters
50-
// eslint-disable-next-line no-control-regex -- Intentionally checking for control chars to reject them for security
51-
const hasUnsafeControlChars = /[\x00-\x1F\x7F]/.test(winFilePath)
52-
if (hasUnsafeControlChars) {
53-
Logger.warn(`Path contains unsafe control characters: ${filePath}`)
54-
throw new Error(`Unsafe file path rejected: ${filePath}`)
55-
}
56-
57-
// Resolve the path to check for path traversal attempts
58-
// Both paths should be in Windows format at this point
59-
const resolvedPath = path.resolve(this.rootPath, winFilePath)
60-
const normalizedRoot = path.normalize(this.rootPath)
61-
62-
// Check if the resolved path is within the workspace
63-
if (!resolvedPath.startsWith(normalizedRoot)) {
64-
Logger.warn(`Path traversal attempt detected: ${filePath} resolves outside workspace`)
65-
throw new Error(`Unsafe file path rejected: ${filePath}`)
66-
}
67-
6844
// Convert to WSL format and escape special characters
6945
const wslPath = WinWSLCodacyCli.toWSLPath(winFilePath)
7046
const escapedPath = wslPath.replace(/([\s'"\\;&|`$()[\]{}*?~<>])/g, '\\$1')

0 commit comments

Comments
 (0)