update property assignement for path traversal

jvalue · Jan 9, 2024 · 6904ec0 · 6904ec0
1 parent 02f8242
commit 6904ec0
Showing 1 changed file with 9 additions and 13 deletions.
diff --git a/libs/language-server/src/lib/validation/checks/blocktype-specific/property-assignment.ts b/libs/language-server/src/lib/validation/checks/blocktype-specific/property-assignment.ts
@@ -263,19 +263,15 @@ function checkLocalFileExtractorProperty(
   property: PropertyAssignment,
   validationContext: ValidationContext,
 ) {
-  if (propName === 'filePath') {
-    const validPathRegex = /^(?!.*\.\.\/).*$/;
-    const isValidPath = validPathRegex.test(propValue.toString());
-    if (isValidPath === false) {
-      validationContext.accept(
-        'error',
-        'File path cannot start with "../". Path traversal is restricted.',
-        {
-          node: property,
-          property: 'value',
-        },
-      );
-    }
+  if (propName === 'filePath' && propValue.toString().includes('../')) {
+    validationContext.accept(
+      'error',
+      'File path cannot include "../". Path traversal is restricted.',
+      {
+        node: property,
+        property: 'value',
+      },
+    );
   }
 }