mohiit1502/Automata
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(core): Restrict read/write file paths access (#6582)

Browse Source
This commit is contained in:
Michael Kret
2023-07-31 15:20:39 +03:00
committed by GitHub
parent 7cd45885bf
commit f6bf9e9887
8 changed files with 141 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
packages/nodes-base/nodes/ReadBinaryFile/ReadBinaryFile.node.ts
View File

@@ -67,15 +67,17 @@ export class ReadBinaryFile implements INodeType {
}
const filePath = this.getNodeParameter('filePath', itemIndex);
const stream = await this.helpers.createReadStream(filePath);
const dataPropertyName = this.getNodeParameter('dataPropertyName', itemIndex);
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
newItem.binary![dataPropertyName] = await this.helpers.prepareBinaryData(stream, filePath);
returnData.push(newItem);
} catch (error) {
if (this.continueOnFail()) {
returnData.push({
json: {
error: error.message,
error: (error as Error).message,
},
pairedItem: {
item: itemIndex,

1
packages/nodes-base/nodes/ReadBinaryFiles/ReadBinaryFiles.node.ts
View File

@@ -4,6 +4,7 @@ import type {
INodeType,
INodeTypeDescription,
} from 'n8n-workflow';
import glob from 'fast-glob';
export class ReadBinaryFiles implements INodeType {

15
packages/nodes-base/nodes/WriteBinaryFile/WriteBinaryFile.node.ts
View File

@@ -1,13 +1,12 @@
import type { Readable } from 'stream';
import { BINARY_ENCODING } from 'n8n-workflow';
import type {
IExecuteFunctions,
INodeExecutionData,
INodeType,
INodeTypeDescription,
} from 'n8n-workflow';
import { BINARY_ENCODING } from 'n8n-workflow';
import { writeFile as fsWriteFile } from 'fs/promises';
import type { Readable } from 'stream';
export class WriteBinaryFile implements INodeType {
description: INodeTypeDescription = {
@@ -73,9 +72,10 @@ export class WriteBinaryFile implements INodeType {
const dataPropertyName = this.getNodeParameter('dataPropertyName', itemIndex);
const fileName = this.getNodeParameter('fileName', itemIndex) as string;
const options = this.getNodeParameter('options', 0, {});
const flag = options.append ? 'a' : 'w';
const flag: string = options.append ? 'a' : 'w';
item = items[itemIndex];
@@ -97,7 +97,8 @@ export class WriteBinaryFile implements INodeType {
}
// Write the file to disk
await fsWriteFile(fileName, fileContent, { encoding: 'binary', flag });
// eslint-disable-next-line @typescript-eslint/no-unsafe-call
await this.helpers.writeContentToFile(fileName, fileContent, flag);
if (item.binary !== undefined) {
// Create a shallow copy of the binary data so that the old
@@ -116,7 +117,7 @@ export class WriteBinaryFile implements INodeType {
if (this.continueOnFail()) {
returnData.push({
json: {
error: error.message,
error: (error as Error).message,
},
pairedItem: {
item: itemIndex,

18
packages/nodes-base/utils/utilities.ts
View File

@@ -25,8 +25,8 @@ import { isEqual, isNull, merge } from 'lodash';
* // => [['a', 'b', 'c'], ['d']]
*/
export function chunk(array: any[], size = 1) {
const length = array == null ? 0 : array.length;
export function chunk<T>(array: T[], size = 1) {
const length = array === null ? 0 : array.length;
if (!length || size < 1) {
return [];
}
@@ -37,7 +37,7 @@ export function chunk(array: any[], size = 1) {
while (index < length) {
result[resIndex++] = array.slice(index, (index += size));
}
return result;
return result as T[][];
}
/**
@@ -51,20 +51,22 @@ export function chunk(array: any[], size = 1) {
*
*/
export function flatten(nestedArray: any[][]) {
export function flatten<T>(nestedArray: T[][]) {
const result = [];
(function loop(array: any[] | any) {
(function loop(array: T[] | T[][]) {
for (let i = 0; i < array.length; i++) {
if (Array.isArray(array[i])) {
loop(array[i]);
loop(array[i] as T[]);
} else {
result.push(array[i]);
}
}
})(nestedArray);
return result;
//TODO: check logic in MicrosoftSql.node.ts
// eslint-disable-next-line @typescript-eslint/no-explicit-any, @typescript-eslint/no-unsafe-return
return result as any;
}
export function updateDisplayOptions(
@@ -210,7 +212,7 @@ export function wrapData(data: IDataObject | IDataObject[]): INodeExecutionData[
export const keysToLowercase = <T>(headers: T) => {
if (typeof headers !== 'object' || Array.isArray(headers) || headers === null) return headers;
return Object.entries(headers).reduce((acc, [key, value]) => {
acc[key.toLowerCase()] = value;
acc[key.toLowerCase()] = value as IDataObject;
return acc;
}, {} as IDataObject);
};