vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-16 20:40:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): harden file installs and race-path tests

Browse Source
This commit is contained in:
Peter Steinberger
2026-03-02 19:29:17 +00:00
parent e1bc5cad25
commit dbbd41a2ed
5 changed files with 199 additions and 137 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/test-utils/symlink-rebind-race.ts
View File

@@ -1,6 +1,17 @@
import fs from "node:fs/promises";
import path from "node:path";
import { vi } from "vitest";
export async function createRebindableDirectoryAlias(params: {
aliasPath: string;
targetPath: string;
}): Promise<void> {
const aliasPath = path.resolve(params.aliasPath);
const targetPath = path.resolve(params.targetPath);
await fs.rm(aliasPath, { recursive: true, force: true });
await fs.symlink(targetPath, aliasPath, process.platform === "win32" ? "junction" : undefined);
}
export async function withRealpathSymlinkRebindRace<T>(params: {
shouldFlip: (realpathInput: string) => boolean;
symlinkPath: string;
@@ -17,13 +28,17 @@ export async function withRealpathSymlinkRebindRace<T>(params: {
if (!flipped && params.shouldFlip(filePath)) {
flipped = true;
if (params.timing !== "after-realpath") {
await fs.rm(params.symlinkPath, { recursive: true, force: true });
await fs.symlink(params.symlinkTarget, params.symlinkPath);
await createRebindableDirectoryAlias({
aliasPath: params.symlinkPath,
targetPath: params.symlinkTarget,
});
return await realRealpath(...args);
}
const resolved = await realRealpath(...args);
await fs.rm(params.symlinkPath, { recursive: true, force: true });
await fs.symlink(params.symlinkTarget, params.symlinkPath);
await createRebindableDirectoryAlias({
aliasPath: params.symlinkPath,
targetPath: params.symlinkTarget,
});
return resolved;
}
return await realRealpath(...args);