From 0fe5b5c5708abd1c8b9181504feb4ee73db406ca Mon Sep 17 00:00:00 2001
From: zjy <3161362058@qq.com>
Date: Wed, 4 Sep 2024 17:52:35 +0800
Subject: [PATCH] fix ci

---
 docs/website/scripts/sync-docs.js | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/docs/website/scripts/sync-docs.js b/docs/website/scripts/sync-docs.js
index 249518449d06..6fb1a4448788 100644
--- a/docs/website/scripts/sync-docs.js
+++ b/docs/website/scripts/sync-docs.js
@@ -11,6 +11,18 @@ async function generateVersionsJson () {
 await fs.writeJson(versionsJsonPath, versions, { spaces: 2 })
 }

+function safeJoin (base, ...parts) {
+ const joined = [base, ...parts].join(path.sep)
+ const normalized = path.normalize(joined)
+
+ const normalizedBase = path.normalize(base)
+ if (!normalized.startsWith(normalizedBase) || normalized === normalizedBase) {
+ throw new Error('路径遍历尝试被阻止')
+ }
+
+ return normalized
+}
+
 async function syncDocs () {
 try {
 // Remove specified directories
@@ -20,7 +32,7 @@ async function syncDocs () {
 'versioned_docs',
 'versioned_sidebars'
 // semgrep-disable-next-line javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
- ].map(dir => path.join(websiteDir, dir))
+ ].map(dir => safeJoin(websiteDir, dir))
 await Promise.all(dirsToRemove.map(dir => fs.remove(dir)))
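Review bot: The containment test in `safeJoin` is a bare string prefix check, so a result in a sibling directory whose name merely begins with the base path passes `normalized.startsWith(normalizedBase)` (constructed example: base `/srv/website`, result `/srv/website-old/x`). `path.normalize` also leaves a relative `base` relative, so the comparison is not anchored to an absolute location. Comparing resolved paths is sturdier: `const rel = path.relative(path.resolve(base), path.resolve(base, ...parts))` followed by `if (rel === '' || rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) throw new Error(...)`. A short JSDoc comment stating that the helper rejects the base directory itself as well as anything outside it would make that second condition less surprising to callers.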
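Review bot: The `semgrep-disable-next-line ...path-join-resolve-traversal` comment above the changed `.map` call is now stale, because the line it covers no longer calls `path.join`. A leftover suppression can hide a real finding if a raw join is reintroduced on that line later, so it should be removed in the same change. The visible array entries are string literals, so the guard should never fire for them at this call site; its value is as a reusable helper, which makes the prefix-check weakness in `safeJoin` worth fixing before other callers adopt it. The array literal and the `syncDocs` body both start and continue outside this hunk.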