From 6904ec03fec7417ee3733e8a5f84cfda9212126e Mon Sep 17 00:00:00 2001
From: OmarFourati
Date: Tue, 9 Jan 2024 11:53:16 +0100
Subject: [PATCH] update property assignement for path traversal

---
 .../blocktype-specific/property-assignment.ts | 22 ++++++++-----------
 1 file changed, 9 insertions(+), 13 deletions(-)

diff --git a/libs/language-server/src/lib/validation/checks/blocktype-specific/property-assignment.ts b/libs/language-server/src/lib/validation/checks/blocktype-specific/property-assignment.ts
index 6d176990..2e156cb2 100644
--- a/libs/language-server/src/lib/validation/checks/blocktype-specific/property-assignment.ts
+++ b/libs/language-server/src/lib/validation/checks/blocktype-specific/property-assignment.ts
@@ -263,19 +263,15 @@ function checkLocalFileExtractorProperty(
 property: PropertyAssignment,
 validationContext: ValidationContext,
 ) {
- if (propName === 'filePath') {
- const validPathRegex = /^(?!.*\.\.\/).*$/;
- const isValidPath = validPathRegex.test(propValue.toString());
- if (isValidPath === false) {
- validationContext.accept(
- 'error',
- 'File path cannot start with "../". Path traversal is restricted.',
- {
- node: property,
- property: 'value',
- },
- );
- }
+ if (propName === 'filePath' && propValue.toString().includes('../')) {
+ validationContext.accept(
+ 'error',
+ 'File path cannot include "../". Path traversal is restricted.',
+ {
+ node: property,
+ property: 'value',
+ },
+ );
 }
 }
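Review bot: The new `propValue.toString().includes('../')` test in `checkLocalFileExtractorProperty` is a substring match, so it recognises only one spelling of a parent-directory reference: a value that ends in `..`, uses `..\` separators, or is an absolute path passes validation, while a harmless directory name ending in two dots (`data../x.csv`) is rejected. Comparing path segments is closer to what the error message promises, e.g. `propValue.toString().split(/[\\/]/).includes('..')`, with a separate check for absolute paths if those should be disallowed as well. Because this is an editor-time validation, the extractor that actually opens the file presumably still has to resolve the path and confirm it stays inside the allowed base directory; that code is not visible in this patch. The function's signature begins above the hunk.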