fix 0323 code ql

Azure · Feb 24, 2025 · 7c1b777 · 7c1b777
1 parent 4351dd0
commit 7c1b777
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 12 deletions.
diff --git a/src/server/serverBase.ts b/src/server/serverBase.ts
@@ -14,7 +14,7 @@ import * as he from 'he';
 import { EventHubConsumerClient, Subscription, ReceivedEventData, earliestEventPosition } from '@azure/event-hubs';
 import { generateDataPlaneRequestBody, generateDataPlaneResponse } from './dataPlaneHelper';
 import { convertIotHubToEventHubsConnectionString } from './eventHubHelper';
-import { fetchDirectories, findMatchingFile, readFileFromLocal, SAFE_ROOT } from './utils';
+import { checkPath, fetchDirectories, findMatchingFile, readFileFromLocal, SAFE_ROOT } from './utils';
 
 export const SERVER_ERROR = 500;
 export const SUCCESS = 200;
@@ -89,7 +89,8 @@ export const handleReadFileRequest = (req: express.Request, res: express.Respons
             res.status(BAD_REQUEST).send();
         }
         else {
-            const fileNames = fs.readdirSync(filePath);
+            const resolvedPath = checkPath(filePath);
+            const fileNames = fs.readdirSync(resolvedPath);
             try {
                 const foundContent = findMatchingFile(filePath, fileNames, expectedFileName);
                 if (foundContent) {

diff --git a/src/server/utils.ts b/src/server/utils.ts
@@ -29,13 +29,7 @@ export const SAFE_ROOT = getSafeRoot();
 
 export const fetchDirectories = (dir: string, res: express.Response) => {
     try {
-        // Resolve the requested directory relative to the safe root
-        const resolvedPath = fs.realpathSync(path.resolve(SAFE_ROOT, path.relative(SAFE_ROOT, dir)));
-
-        // Ensure resolvedPath is still inside SAFE_ROOT (prevents traversal attacks)
-        if (!resolvedPath.startsWith(SAFE_ROOT)) {
-            return res.status(403).send({ error: "Access denied. Unsafe directory." });
-        }
+        const resolvedPath = checkPath(dir);
 
         const result: string[] = [];
         for (const item of fs.readdirSync(resolvedPath)) {
@@ -101,12 +95,19 @@ const isFileExtensionJson = (fileName: string) => {
 
 export const readFileFromLocal = (filePath: string, fileName: string) => {
     // Resolve the requested directory relative to the safe root
-    const resolvedPath = fs.realpathSync(path.resolve(SAFE_ROOT, path.relative(SAFE_ROOT, `${filePath}/${fileName}`)));
+    const resolvedPath = checkPath(`${filePath}/${fileName}`);
+
+    return fs.readFileSync(resolvedPath, 'utf-8');
+}
+
+export const checkPath = (filePath: string) => {
+    // Resolve the requested directory relative to the safe root
+    const resolvedPath = fs.realpathSync(path.resolve(SAFE_ROOT, path.relative(SAFE_ROOT, filePath)));
 
     // Ensure resolvedPath is still inside SAFE_ROOT (prevents traversal attacks)
     if (!resolvedPath.startsWith(SAFE_ROOT)) {
         throw new Error("Access denied. Unsafe directory.");
     }
-    
-    return fs.readFileSync(`${filePath}/${fileName}`, 'utf-8');
+
+    return resolvedPath;
 }