ros/automaker
1
0
Fork 0
mirror of https://github.com/AutoMaker-Org/automaker.git synced 2026-02-03 21:03:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(platform): improve node-finder security and documentation

Browse Source 
- Add null byte validation to shell command output (security hardening)
- Expand VERSION_DIR_PATTERN comment to explain intentional pre-release support

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Kacper
2025-12-21 15:07:38 +01:00
parent b18672f66d
commit b00568176c
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
libs/platform/src/node-finder.ts
View File

@@ -10,7 +10,11 @@ import fs from 'fs';
import path from 'path'; import path from 'path';
import os from 'os'; import os from 'os';
/** Pattern to match version directories (e.g., "v18.17.0", "18.17.0") */ /**
* Pattern to match version directories (e.g., "v18.17.0", "18.17.0", "v18")
* Intentionally permissive to match pre-release versions (v18.17.0-beta, v18.17.0-rc1)
* since localeCompare with numeric:true handles sorting correctly
*/
const VERSION_DIR_PATTERN = /^v?\d+/; const VERSION_DIR_PATTERN = /^v?\d+/;
/** Result of finding Node.js executable */ /** Result of finding Node.js executable */
@@ -236,7 +240,8 @@ function findNodeViaShell(
// 'where' on Windows can return multiple lines, take the first // 'where' on Windows can return multiple lines, take the first
const nodePath = result.split(/\r?\n/)[0]; const nodePath = result.split(/\r?\n/)[0];
if (nodePath && fs.existsSync(nodePath)) { // Validate path: check for null bytes (security) and existence
if (nodePath && !nodePath.includes('\x00') && fs.existsSync(nodePath)) {
return { return {
nodePath, nodePath,
source: platform === 'win32' ? 'where' : 'which', source: platform === 'win32' ? 'where' : 'which',