feat(security): implement path validation to prevent traversal attacks in session handling

catlog22
2026-02-26 09:56:35 +08:00
parent 519efe9783
commit 21e3647331
8 changed files with 211 additions and 116 deletions


@@ -4,6 +4,7 @@
*/
import { readFileSync, existsSync } from 'fs';
import { readFile, access } from 'fs/promises';
import { parseClaudeSession } from './claude-session-parser.js';
import { parseOpenCodeSession } from './opencode-session-parser.js';
@@ -178,15 +179,27 @@ function isJSONL(content: string): boolean {
}
/**
* Parse a native session file and return standardized conversation data
* Check if a path exists (async)
*/
export function parseSessionFile(filePath: string, tool: string): ParsedSession | null {
if (!existsSync(filePath)) {
async function pathExists(filePath: string): Promise<boolean> {
try {
await access(filePath);
return true;
} catch {
return false;
}
}
/**
* Parse a native session file and return standardized conversation data (async)
*/
export async function parseSessionFile(filePath: string, tool: string): Promise<ParsedSession | null> {
if (!(await pathExists(filePath))) {
return null;
}
try {
const content = readFileSync(filePath, 'utf8');
const content = await readFile(filePath, 'utf8');
switch (tool) {
case 'gemini':