ailabs/puaros
1
0
Fork 0
mirror of https://github.com/samiyev/puaros.git synced 2025-12-27 23:06:54 +05:00
Code Issues Packages Projects Releases Wiki Activity

feat(ipuaro): add PathValidator security utility (v0.13.0)

Browse Source 
Add centralized path validation to prevent path traversal attacks.

- PathValidator class with sync/async validation methods
- Protects against '..' and '~' traversal patterns
- Validates paths are within project root
- Refactored all 7 file tools to use PathValidator
- 51 new tests for PathValidator
This commit is contained in:
imfozilbek
2025-12-01 14:02:23 +05:00
parent 7d18e87423
commit 2c6eb6ce9b
20 changed files with 746 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
packages/ipuaro/tests/unit/infrastructure/tools/edit/CreateFileTool.test.ts
View File

@@ -224,7 +224,7 @@ describe("CreateFileTool", () => {
const result = await tool.execute({ path: "../outside/file.ts", content: "test" }, ctx)
expect(result.success).toBe(false)
expect(result.error).toBe("Path must be within project root")
expect(result.error).toBe("Path contains traversal patterns")
})
it("should return error if file already exists", async () => {

2
packages/ipuaro/tests/unit/infrastructure/tools/edit/DeleteFileTool.test.ts
View File

@@ -189,7 +189,7 @@ describe("DeleteFileTool", () => {
const result = await tool.execute({ path: "../outside/file.ts" }, ctx)
expect(result.success).toBe(false)
expect(result.error).toBe("Path must be within project root")
expect(result.error).toBe("Path contains traversal patterns")
})
it("should return error if file does not exist", async () => {

2
packages/ipuaro/tests/unit/infrastructure/tools/edit/EditLinesTool.test.ts
View File

@@ -296,7 +296,7 @@ describe("EditLinesTool", () => {
)
expect(result.success).toBe(false)
expect(result.error).toBe("Path must be within project root")
expect(result.error).toBe("Path contains traversal patterns")
})
it("should return error when start exceeds file length", async () => {

2
packages/ipuaro/tests/unit/infrastructure/tools/read/GetClassTool.test.ts
View File

@@ -271,7 +271,7 @@ describe("GetClassTool", () => {
const result = await tool.execute({ path: "../outside/file.ts", name: "MyClass" }, ctx)
expect(result.success).toBe(false)
expect(result.error).toBe("Path must be within project root")
expect(result.error).toBe("Path contains traversal patterns")
})
it("should handle class with no extends", async () => {

2
packages/ipuaro/tests/unit/infrastructure/tools/read/GetFunctionTool.test.ts
View File

@@ -229,7 +229,7 @@ describe("GetFunctionTool", () => {
const result = await tool.execute({ path: "../outside/file.ts", name: "myFunc" }, ctx)
expect(result.success).toBe(false)
expect(result.error).toBe("Path must be within project root")
expect(result.error).toBe("Path contains traversal patterns")
})
it("should pad line numbers correctly for large files", async () => {

2
packages/ipuaro/tests/unit/infrastructure/tools/read/GetLinesTool.test.ts
View File

@@ -214,7 +214,7 @@ describe("GetLinesTool", () => {
const result = await tool.execute({ path: "../outside/file.ts" }, ctx)
expect(result.success).toBe(false)
expect(result.error).toBe("Path must be within project root")
expect(result.error).toBe("Path contains traversal patterns")
})
it("should return error when file not found", async () => {

2
packages/ipuaro/tests/unit/infrastructure/tools/read/GetStructureTool.test.ts
View File

@@ -228,7 +228,7 @@ describe("GetStructureTool", () => {
const result = await tool.execute({ path: "../outside" }, ctx)
expect(result.success).toBe(false)
expect(result.error).toBe("Path must be within project root")
expect(result.error).toBe("Path contains traversal patterns")
})
it("should return error for non-directory path", async () => {