vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-05 15:10:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(security): share scan path helpers

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-15 04:29:12 +00:00
parent 0241194591
commit b373461032
3 changed files with 19 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/security/audit-extra.async.ts
View File

@@ -31,6 +31,7 @@ import {
inspectPathPermissions,
safeStat,
} from "./audit-fs.js";
import { extensionUsesSkippedScannerPath, isPathInside } from "./scan-paths.js";
import * as skillScanner from "./skill-scanner.js";
export type SecurityAuditFinding = {
@@ -62,22 +63,6 @@ function expandTilde(p: string, env: NodeJS.ProcessEnv): string | null {
return null;
}
function isPathInside(basePath: string, candidatePath: string): boolean {
const base = path.resolve(basePath);
const candidate = path.resolve(candidatePath);
const rel = path.relative(base, candidate);
return rel === "" || (!rel.startsWith(`..${path.sep}`) && rel !== ".." && !path.isAbsolute(rel));
}
function extensionUsesSkippedScannerPath(entry: string): boolean {
const segments = entry.split(/[\\/]+/).filter(Boolean);
return segments.some(
(segment) =>
segment === "node_modules" ||
(segment.startsWith(".") && segment !== "." && segment !== ".."),
);
}
async function readPluginManifestExtensions(pluginPath: string): Promise<string[]> {
const manifestPath = path.join(pluginPath, "package.json");
const raw = await fs.readFile(manifestPath, "utf-8").catch(() => "");