WIP: migrate typhoon to new-mock #1488
Draft
+22,044
−12
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@arsforza FYI: I did some quick initial work on migrating typhoon to new mock, but I'm going to quit it now. Just so you know, whenever you get to it. |
jannisvisser
force-pushed
the
wip.typhoon-new-mock
branch
from
a529a10
to
776e335
Compare
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| trackFileName = `${filePath}/typhoon-track-no-landfall-yet.json`; | ||
| } | ||
|
|
||
| const trackRaw = fs.readFileSync(trackFileName, 'utf-8'); |
Check failure
Code scanning / CodeQL
Uncontrolled data used in path expression High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 2 months ago
To fix the problem, we need to ensure that the constructed file path is contained within a safe root directory. This can be achieved by normalizing the path using path.resolve and then checking that the normalized path starts with the root directory. If the path is not within the root directory, we should reject the request.
- Import the
pathmodule. - Define a constant for the root directory.
- Normalize the constructed file path using
path.resolve. - Check if the normalized path starts with the root directory.
- If the path is valid, proceed with reading the file; otherwise, handle the error appropriately.
Suggested changeset
1
services/API-service/src/scripts/mock-helper.service.ts
| @@ -1,2 +1,3 @@ | ||
| import fs from 'fs'; | ||
| import path from 'path'; | ||
| import { Injectable } from '@nestjs/common'; | ||
| @@ -296,9 +297,14 @@ | ||
| ) { | ||
| const filePath = `./src/scripts/mock-data/${DisasterType.Typhoon}/${countryCodeISO3}/${scenarioName}/${event.eventName}`; | ||
| let trackFileName = `${filePath}/typhoon-track.json`; | ||
| const ROOT_DIR = path.resolve('./src/scripts/mock-data'); | ||
| const filePath = path.resolve(ROOT_DIR, `${DisasterType.Typhoon}/${countryCodeISO3}/${scenarioName}/${event.eventName}`); | ||
| let trackFileName = path.resolve(filePath, 'typhoon-track.json'); | ||
| // TODO: Implement the following scenarios | ||
| if (scenarioName === TyphoonScenario.EventNoLandfall) { | ||
| trackFileName = `${filePath}/typhoon-track-no-landfall.json`; | ||
| trackFileName = path.resolve(filePath, 'typhoon-track-no-landfall.json'); | ||
| } else if (scenarioName === TyphoonScenario.EventNoLandfallYet) { | ||
| trackFileName = `${filePath}/typhoon-track-no-landfall-yet.json`; | ||
| trackFileName = path.resolve(filePath, 'typhoon-track-no-landfall-yet.json'); | ||
| } | ||
|
|
||
| if (!trackFileName.startsWith(ROOT_DIR)) { | ||
| throw new Error('Invalid file path'); | ||
| } |
Copilot is powered by AI and may make mistakes. Always verify output.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.