morten/mini-loader
1
0
Fork 0
mirror of https://github.com/morten-olsen/mini-loader.git synced 2026-02-08 01:36:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: insecure tmp path (#33)

Browse Source 
Fixes #13
This commit is contained in:
Morten Olsen
2024-01-14 13:00:17 +01:00
committed by GitHub
parent 7436b3439c
commit 028b65587e
5 changed files with 15 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
packages/runner/src/index.ts
View File

@@ -5,10 +5,11 @@ type RunOptions = {
script: string;
input?: Buffer | string;
secrets?: Record<string, string>;
cacheLocation: string;
};
const run = async ({ script, input, secrets }: RunOptions) => {
const info = await setup({ script, input, secrets });
const run = async ({ script, input, secrets, cacheLocation }: RunOptions) => {
const info = await setup({ script, input, secrets, cacheLocation });
const worker = new Worker(info.scriptLocation, {
stdin: false,

4
packages/runner/src/setup/setup.ts
View File

@@ -1,5 +1,4 @@
import { join } from 'path';
import os from 'os';
import { nanoid } from 'nanoid';
import { chmod, mkdir, rm, writeFile } from 'fs/promises';
import { createServer } from 'net';
@@ -9,6 +8,7 @@ type SetupOptions = {
input?: Buffer | string;
script: string;
secrets?: Record<string, string>;
cacheLocation: string;
};
type RunEvents = {
@@ -20,7 +20,7 @@ type RunEvents = {
const setup = async (options: SetupOptions) => {
const { input, script, secrets } = options;
const emitter = new EventEmitter<RunEvents>();
const dataDir = join(os.tmpdir(), 'mini-loader', nanoid());
const dataDir = join(options.cacheLocation, nanoid());
await mkdir(dataDir, { recursive: true });
await chmod(dataDir, 0o700);