ros/automaker
1
0
Fork 0
mirror of https://github.com/AutoMaker-Org/automaker.git synced 2026-02-01 08:13:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor: integrate secure file system operations across services

Browse Source 
This commit replaces direct file system operations with a secure file system adapter to enhance security by enforcing path validation. The changes include:

- Replaced `fs` imports with `secureFs` in various services and utilities.
- Updated file operations in `agent-service`, `auto-mode-service`, `feature-loader`, and `settings-service` to use the secure file system methods.
- Ensured that all file I/O operations are validated against the ALLOWED_ROOT_DIRECTORY.

This refactor aims to prevent unauthorized file access and improve overall security posture.

Tests: All unit tests passing.

🤖 Generated with Claude Code
This commit is contained in:
Test User
2025-12-20 18:45:39 -05:00
parent ade80484bb
commit f3c9e828e2
45 changed files with 329 additions and 551 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
apps/server/src/services/settings-service.ts
View File

@@ -7,8 +7,7 @@
* - Per-project settings ({projectPath}/.automaker/settings.json)
*/
import fs from "fs/promises";
import path from "path";
import * as secureFs from "../lib/secure-fs.js";
import { createLogger } from "../lib/logger.js";
import {
getGlobalSettingsPath,
@@ -47,12 +46,12 @@ async function atomicWriteJson(filePath: string, data: unknown): Promise<void> {
const content = JSON.stringify(data, null, 2);
try {
await fs.writeFile(tempPath, content, "utf-8");
await fs.rename(tempPath, filePath);
await secureFs.writeFile(tempPath, content, "utf-8");
await secureFs.rename(tempPath, filePath);
} catch (error) {
// Clean up temp file if it exists
try {
await fs.unlink(tempPath);
await secureFs.unlink(tempPath);
} catch {
// Ignore cleanup errors
}
@@ -65,7 +64,7 @@ async function atomicWriteJson(filePath: string, data: unknown): Promise<void> {
*/
async function readJsonFile<T>(filePath: string, defaultValue: T): Promise<T> {
try {
const content = await fs.readFile(filePath, "utf-8");
const content = await secureFs.readFile(filePath, "utf-8") as string;
return JSON.parse(content) as T;
} catch (error) {
if ((error as NodeJS.ErrnoException).code === "ENOENT") {
@@ -81,7 +80,7 @@ async function readJsonFile<T>(filePath: string, defaultValue: T): Promise<T> {
*/
async function fileExists(filePath: string): Promise<boolean> {
try {
await fs.access(filePath);
await secureFs.access(filePath);
return true;
} catch {
return false;