fix ci

labring · Sep 4, 2024 · 7a54567 · 7a54567
1 parent a290548
commit 7a54567
Showing 1 changed file with 13 additions and 2 deletions.
diff --git a/docs/website/scripts/sync-docs.js b/docs/website/scripts/sync-docs.js
@@ -11,6 +11,18 @@ async function generateVersionsJson () {
   await fs.writeJson(versionsJsonPath, versions, { spaces: 2 })
 }
 
+function safeJoin (base, ...parts) {
+  const joined = [base, ...parts].join(path.sep)
+  const normalized = path.normalize(joined)
+
+  const normalizedBase = path.normalize(base)
+  if (!normalized.startsWith(normalizedBase) || normalized === normalizedBase) {
+    throw new Error('路径遍历尝试被阻止')
+  }
+
+  return normalized
+}
+
 async function syncDocs () {
   try {
     // Remove specified directories
@@ -19,8 +31,7 @@ async function syncDocs () {
       'i18n/zh-Hans/docusaurus-plugin-content-docs',
       'versioned_docs',
       'versioned_sidebars'
-      // semgrep-disable-next-line javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
-    ].map(dir => path.join(websiteDir, dir))
+    ].map(dir => safeJoin(websiteDir, dir))
 
     await Promise.all(dirsToRemove.map(dir => fs.remove(dir)))