feat(ipuaro): add PathValidator security utility (v0.13.0)

Add centralized path validation to prevent path traversal attacks.

- PathValidator class with sync/async validation methods
- Protects against '..' and '~' traversal patterns
- Validates paths are within project root
- Refactored all 7 file tools to use PathValidator
- 51 new tests for PathValidator
imfozilbek
2025-12-01 14:02:23 +05:00
parent 7d18e87423
commit 2c6eb6ce9b
20 changed files with 746 additions and 69 deletions


@@ -271,7 +271,7 @@ describe("GetClassTool", () => {
const result = await tool.execute({ path: "../outside/file.ts", name: "MyClass" }, ctx)
expect(result.success).toBe(false)
expect(result.error).toBe("Path must be within project root")
expect(result.error).toBe("Path contains traversal patterns")
})
it("should handle class with no extends", async () => {
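Review bot: The only out-of-root input this test exercises is `../outside/file.ts`, which the traversal-pattern check now rejects first, so nothing visible here still asserts the `"Path must be within project root"` result at the tool level (this assumes the second `toBe` line of each pair is the new side, since the +/- markers are lost on this page). The same holds for the GetFunctionTool, GetLinesTool and GetStructureTool sections below. I would add a sibling case per tool with an out-of-root path that has no `..` or `~` segment, for example `await tool.execute({ path: "/outside/file.ts", name: "MyClass" }, ctx)` (constructed sample path), asserting `result.success` is `false` and, presumably, the project-root message. That keeps the containment check covered even if a tool is later wired to the validator incorrectly. The PathValidator unit tests may already cover this branch, but they are not shown here, and whether containment is checked after symlink resolution cannot be told from these hunks.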


@@ -229,7 +229,7 @@ describe("GetFunctionTool", () => {
const result = await tool.execute({ path: "../outside/file.ts", name: "myFunc" }, ctx)
expect(result.success).toBe(false)
expect(result.error).toBe("Path must be within project root")
expect(result.error).toBe("Path contains traversal patterns")
})
it("should pad line numbers correctly for large files", async () => {


@@ -214,7 +214,7 @@ describe("GetLinesTool", () => {
const result = await tool.execute({ path: "../outside/file.ts" }, ctx)
expect(result.success).toBe(false)
expect(result.error).toBe("Path must be within project root")
expect(result.error).toBe("Path contains traversal patterns")
})
it("should return error when file not found", async () => {


@@ -228,7 +228,7 @@ describe("GetStructureTool", () => {
const result = await tool.execute({ path: "../outside" }, ctx)
expect(result.success).toBe(false)
expect(result.error).toBe("Path must be within project root")
expect(result.error).toBe("Path contains traversal patterns")
})
it("should return error for non-directory path", async () => {