Benachrichtigungen erweitert
Emails korrigiert
This commit is contained in:
Torsten Schulz (local)
45
scripts/verify-no-public-writes.js
Normal file
45
scripts/verify-no-public-writes.js
Normal file
@@ -0,0 +1,45 @@
|
||||
import fs from 'fs'
|
||||
import path from 'path'
|
||||
|
||||
const repoRoot = process.cwd()
|
||||
const scanRoots = ['server']
|
||||
const sourceExtensions = new Set(['.js', '.mjs', '.ts'])
|
||||
|
||||
const publicWritePattern = /\b(writeFile|appendFile|copyFile|rename|mkdir)\s*\([^)]*(public[/\\](?:data|uploads)|['"`]public['"`]\s*,\s*['"`](?:data|uploads)['"`])/s
|
||||
|
||||
function walk(dir) {
|
||||
const entries = fs.readdirSync(dir, { withFileTypes: true })
|
||||
return entries.flatMap((entry) => {
|
||||
const fullPath = path.join(dir, entry.name)
|
||||
if (entry.isDirectory()) return walk(fullPath)
|
||||
return [fullPath]
|
||||
})
|
||||
}
|
||||
|
||||
const findings = []
|
||||
|
||||
for (const root of scanRoots) {
|
||||
const absoluteRoot = path.join(repoRoot, root)
|
||||
if (!fs.existsSync(absoluteRoot)) continue
|
||||
|
||||
for (const filePath of walk(absoluteRoot)) {
|
||||
if (!sourceExtensions.has(path.extname(filePath))) continue
|
||||
|
||||
const content = fs.readFileSync(filePath, 'utf8')
|
||||
if (!publicWritePattern.test(content)) continue
|
||||
|
||||
const relativePath = path.relative(repoRoot, filePath)
|
||||
findings.push(relativePath)
|
||||
}
|
||||
}
|
||||
|
||||
if (findings.length > 0) {
|
||||
console.error('Runtime-Schreibzugriffe nach public/data oder public/uploads gefunden:')
|
||||
for (const finding of findings) {
|
||||
console.error(`- ${finding}`)
|
||||
}
|
||||
console.error('Bitte stattdessen server/data bzw. server/data/public-data verwenden.')
|
||||
process.exit(1)
|
||||
}
|
||||
|
||||
console.log('OK: keine serverseitigen Runtime-Schreibzugriffe nach public/data oder public/uploads gefunden.')
|
||||
Reference in New Issue
Block a user