Restrict file operations to shared folder for remixd

Author: ioedeveloper

libs/remixd/src/utils.ts

@@ -12,9 +12,25 @@ import * as pathModule from 'path'
 function absolutePath (path: string, sharedFolder:string): string {
   path = normalizePath(path)
   path = pathModule.resolve(sharedFolder, path)
+  if (!isSubDirectory(pathModule.resolve(process.cwd(), sharedFolder), path)) throw new Error('Cannot read/write to path outside shared folder.')
   return path
 }
 
+/**
+ * returns a true if child is sub-directory of parent.
+ *
+ * @param {String} parent - path to parent directory
+ * @param {String} child - child path
+ * @return {Boolean}
+ */
+function isSubDirectory (parent: string, child: string) {
+  if (!parent) return false
+  if (parent === child) return true
+  const relative = pathModule.relative(parent, child)
+
+  return !!relative && relative.split(pathModule.sep)[0] !== '..'
+}
+
 /**
  * return the relative path of the given @arg path
  *

package.json

@@ -85,7 +85,7 @@
     "nightwatch_local_url": "npm run build:e2e & nightwatch --config dist/apps/remix-ide-e2e/nightwatch.js dist/apps/remix-ide-e2e/src/tests/url.test.js --env=chrome",
     "nightwatch_local_verticalIconscontextmenu": "npm run build:e2e & nightwatch --config dist/apps/remix-ide-e2e/nightwatch.js dist/apps/remix-ide-e2e/src/tests/verticalIconsPanel.test.js --env=chrome",
     "onchange": "onchange apps/remix-ide/build/app.js -- npm-run-all lint",
-    "remixd": "nx build remixd & nx serve remixd --folder=./apps/remix-ide/contracts --remixide=http://127.0.0.1:8080",
+    "remixd": "nx build remixd && nx serve remixd --folder=./apps/remix-ide/contracts --remixide=http://localhost:8080",
     "selenium": "selenium-standalone start",
     "selenium-install": "selenium-standalone install",
     "sourcemap": "exorcist --root ../ apps/remix-ide/build/app.js.map > apps/remix-ide/build/app.js",