alihan/repomix
1
0
Fork 0
mirror of https://github.com/yamadashy/repomix.git synced 2025-06-11 00:25:54 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix(website): Add safety limits for recursive directory traversal to prevent performance issues

Browse Source
This commit is contained in:
Kazuki Yamada
2025-06-08 14:02:01 +09:00
parent 03b6b1ea73
commit 135e5352c2
1 changed files with 37 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
website/client/composables/useFileUpload.ts
View File

@@ -229,11 +229,38 @@ export function useFileUpload(config: FileUploadConfig) {
} }
} }
// Constants for safety limits
const MAX_DEPTH = 20;
const MAX_FILES = 10000;
// Helper functions for folder processing // Helper functions for folder processing
async function collectFilesFromEntry(entry: FileSystemEntry, path = ''): Promise<File[]> { async function collectFilesFromEntry(
entry: FileSystemEntry,
path = '',
depth = 0,
fileCount = { current: 0 },
): Promise<File[]> {
// Check depth limit
if (depth > MAX_DEPTH) {
throw new Error(`Directory structure too deep (max depth: ${MAX_DEPTH})`);
}
// Check file count limit
if (fileCount.current > MAX_FILES) {
throw new Error(`Too many files in directory structure (max files: ${MAX_FILES})`);
}
if (entry.isFile) { if (entry.isFile) {
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
(entry as FileSystemFileEntry).file((file: File) => { (entry as FileSystemFileEntry).file((file: File) => {
// Check file count before adding
if (fileCount.current >= MAX_FILES) {
reject(new Error(`Too many files in directory structure (max files: ${MAX_FILES})`));
return;
}
fileCount.current++;
const customFile = new File([file], file.name, { const customFile = new File([file], file.name, {
type: file.type, type: file.type,
lastModified: file.lastModified, lastModified: file.lastModified,
@@ -260,8 +287,16 @@ export function useFileUpload(config: FileUploadConfig) {
} else { } else {
try { try {
for (const childEntry of entries) { for (const childEntry of entries) {
// Check limits before processing each entry
if (depth + 1 > MAX_DEPTH) {
throw new Error(`Directory structure too deep (max depth: ${MAX_DEPTH})`);
}
if (fileCount.current > MAX_FILES) {
throw new Error(`Too many files in directory structure (max files: ${MAX_FILES})`);
}
const newPath = path ? `${path}/${childEntry.name}` : childEntry.name; const newPath = path ? `${path}/${childEntry.name}` : childEntry.name;
const files = await collectFilesFromEntry(childEntry, newPath); const files = await collectFilesFromEntry(childEntry, newPath, depth + 1, fileCount);
allFiles.push(...files); allFiles.push(...files);
} }
readEntries(); readEntries();