[CSA-28] Use path normalization in API requests (#4580)

* Use path normalization in API requests * Remove CLI webpack config change that's unneeded * Add additional tests
2025-12-14 23:33:31 +00:00 · 2023-02-03 14:24:49 -05:00
parent ff143760d4
commit 6df37dd715
5 changed files with 34 additions and 6 deletions
--- a/libs/common/src/misc/utils.ts
+++ b/libs/common/src/misc/utils.ts
@@ -1,4 +1,6 @@
 /* eslint-disable no-useless-escape */
+import * as path from "path";
+
 import { getHostname, parse } from "tldts";
 import { Merge } from "type-fest";

@@ -498,6 +500,15 @@ export class Utils {
    );
  }

+  /**
+   * Normalizes a path for defense against attacks like traversals
+   * @param denormalizedPath
+   * @returns
+   */
+  static normalizePath(denormalizedPath: string): string {
+    return path.normalize(decodeURIComponent(denormalizedPath)).replace(/^(\.\.(\/|\\|$))+/, "");
+  }
+
  private static isMobile(win: Window) {
    let mobile = false;
    ((a) => {