fix: directly copy path validator code over

dcshzj · dcshzj · commit 187b013ecac1 · 2025-10-16T18:13:57.000+08:00
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -41,7 +41,6 @@
     "@octokit/rest": "^20.1.1",
     "@opengovsg/formsg-sdk": "^0.11.0",
     "@opengovsg/sgid-client": "^2.0.0",
-    "@opengovsg/starter-kitty-validators": "^1.2.11",
     "@slack/bolt": "^3.19.0",
     "auto-bind": "^4.0.0",
     "aws-lambda": "^1.0.7",
@@ -113,7 +112,9 @@
     "validator": "^13.12.0",
     "winston": "^3.13.0",
     "winston-cloudwatch": "^6.3.0",
-    "yaml": "^2.4.2"
+    "yaml": "^2.4.2",
+    "zod": "^3.25.76",
+    "zod-validation-error": "^3.5.3"
   },
   "devDependencies": {
     "@octokit/types": "^6.35.0",
diff --git a/src/services/db/GitFileSystemService.ts b/src/services/db/GitFileSystemService.ts
@@ -1,7 +1,6 @@
 import fs from "fs"
 import path from "path"
 
-import { createPathSchema } from "@opengovsg/starter-kitty-validators"
 import { err, errAsync, ok, okAsync, Result, ResultAsync } from "neverthrow"
 import {
   CleanOptions,
@@ -21,6 +20,8 @@ import { NotFoundError } from "@errors/NotFoundError"
 
 import tracer from "@utils/tracer"
 
+import { createPathSchema } from "@validators/path"
+
 import {
   EFS_VOL_PATH_STAGING,
   EFS_VOL_PATH_STAGING_LITE,
diff --git a/src/validators/path.js b/src/validators/path.js
@@ -0,0 +1,81 @@
+const path = require("path")
+
+const { z } = require("zod")
+const { fromError } = require("zod-validation-error")
+
+class OptionsError extends Error {
+  constructor(message) {
+    super(message)
+    this.name = "OptionsError"
+  }
+}
+
+const optionsSchema = z.object({
+  basePath: z
+    .string()
+    .refine(
+      (basePath) =>
+        basePath === path.resolve(basePath) && path.isAbsolute(basePath),
+      "The base path must be an absolute path"
+    ),
+})
+
+const isSafePath = (absPath, basePath) => {
+  // check for poison null bytes
+  if (absPath.indexOf("\0") !== -1) {
+    return false
+  }
+  // check for backslashes
+  if (absPath.indexOf("\\") !== -1) {
+    return false
+  }
+
+  // check for dot segments, even if they don't normalize to anything
+  if (absPath.includes("..")) {
+    return false
+  }
+
+  // check if the normalized path is within the provided 'safe' base path
+  if (path.resolve(basePath, path.relative(basePath, absPath)) !== absPath) {
+    return false
+  }
+  if (absPath.indexOf(basePath) !== 0) {
+    return false
+  }
+  return true
+}
+
+const createValidationSchema = (options) =>
+  z
+    .string()
+    // resolve the path relative to the Node process's current working directory
+    // since that's what fs operations will be relative to
+    .transform((untrustedPath) => path.resolve(untrustedPath))
+    // resolvedPath is now an absolute path
+    .refine((resolvedPath) => isSafePath(resolvedPath, options.basePath), {
+      message: "The provided path is unsafe.",
+    })
+
+const toSchema = (options) =>
+  z.string().trim().pipe(createValidationSchema(options))
+
+/**
+ * Create a schema that validates user-supplied pathnames for filesystem operations.
+ *
+ * @param options - The options to use for validation
+ * @throws {@link OptionsError} If the options are invalid
+ * @returns A Zod schema that validates paths.
+ *
+ * @public
+ */
+const createPathSchema = (options) => {
+  const result = optionsSchema.safeParse(options)
+  if (result.success) {
+    return toSchema(result.data)
+  }
+  throw new OptionsError(fromError(result.error).toString())
+}
+
+module.exports = {
+  createPathSchema,
+}
