Bugfix/arbitrary create attachemnt file upload (#4171)

fix arbitrary create attachemnt file upload
2026-06-28 17:01:00 +03:00 · 2025-03-13 19:46:27 +00:00
parent c6968ff385
commit c2b830f279
5 changed files with 59 additions and 16 deletions
@@ -0,0 +1,29 @@
+/**
+ * Validates if a string is a valid UUID v4
+ * @param {string} uuid The string to validate
+ * @returns {boolean} True if valid UUID, false otherwise
+ */
+export const isValidUUID = (uuid: string): boolean => {
+    // UUID v4 regex pattern
+    const uuidV4Pattern = /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i
+    return uuidV4Pattern.test(uuid)
+}
+
+/**
+ * Validates if a string contains path traversal attempts
+ * @param {string} path The string to validate
+ * @returns {boolean} True if path traversal detected, false otherwise
+ */
+export const isPathTraversal = (path: string): boolean => {
+    // Check for common path traversal patterns
+    const dangerousPatterns = [
+        '..', // Directory traversal
+        '/', // Root directory
+        '\\', // Windows root directory
+        '%2e', // URL encoded .
+        '%2f', // URL encoded /
+        '%5c' // URL encoded \
+    ]
+
+    return dangerousPatterns.some((pattern) => path.toLowerCase().includes(pattern))
+}