[Architecture] G1nation V2 Refactor

2026-04-24 18:23:21 +09:00
parent 48f41e98c2
commit 0e20dff154
5 changed files with 895 additions and 2103 deletions
@@ -0,0 +1,34 @@
+import * as vscode from 'vscode';
+import * as path from 'path';
+
+/**
+ * Validates that a path is within the workspace.
+ * Prevents Path Traversal attacks.
+ */
+export function validatePath(workspaceRoot: string, targetPath: string): string {
+    const absolutePath = path.resolve(workspaceRoot, targetPath);
+    if (!absolutePath.startsWith(workspaceRoot)) {
+        throw new Error(`Security Violation: Path traversal detected! Attempted to access ${absolutePath} which is outside the workspace ${workspaceRoot}`);
+    }
+    return absolutePath;
+}
+
+/**
+ * Sanitizes terminal commands to prevent destructive actions.
+ */
+export function sanitizeCommand(command: string): string {
+    const forbiddenPatterns = [
+        /rm\s+-rf\s+\//,
+        /mkfs/,
+        /dd\s+if=/,
+        />\s*\/dev\/sd/,
+        /:(){:|:&};:/  // Fork bomb
+    ];
+
+    for (const pattern of forbiddenPatterns) {
+        if (pattern.test(command)) {
+            throw new Error(`Security Violation: Destructive command pattern detected! Blocked: ${command}`);
+        }
+    }
+    return command;
+}