fix(files): prune dependency dirs in expandFileGlobs before fast-glob traversal #410
dcramer wants to merge 4 commits into
code-review: Found 1 issue (1 medium)
Medium
`getEffectivePrunePatterns` drops prune entries on substring match, not whole-segment match - `packages/warden/src/cli/files.ts:55`
A user negation like `!checkout/**`, `!rebuild/**`, or `!somevendor/**` incorrectly removes the `**/out/**`, `**/build/**`, or `**/vendor/**` prune entry because `neg.includes('out/')`, `neg.includes('build/')`, and `neg.includes('vendor/')` match mid-word substrings — potentially re-exposing the crash-inducing traversal the PR is designed to prevent.
Also found at:
packages/warden/src/cli/files.test.ts:280
⏱ 7m 22s · 470.7k in / 44.1k out · $1.32
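The substring-versus-segment problem the review bot describes, as an added illustration that is not warden's own code and does not reproduce the real `getEffectivePrunePatterns`. The default prune list contains only the three patterns the finding names; the function names, the helper names, and the rule that a user negation lifts a default prune entry when it names the same directory are assumptions made for this example. The buggy variant keeps the `neg.includes('out/')`-style check; the fixed variant splits the negation into path segments and requires an exact segment match.

```typescript
// Added example, not warden's code. Assumed default prune list: the three
// patterns cited in the review finding.
const DEFAULT_PRUNE_PATTERNS: readonly string[] = ['**/out/**', '**/build/**', '**/vendor/**'];

/** Directory name targeted by a default prune pattern of the form `**\/<dir>/**`. */
function prunedDir(pattern: string): string {
  const m = /^\*\*\/([^/*]+)\/\*\*$/.exec(pattern);
  if (!m) throw new Error(`unsupported prune pattern: ${pattern}`);
  return m[1];
}

/** User negations (`!...`) with the leading `!` stripped. */
function negations(userPatterns: readonly string[]): string[] {
  return userPatterns.filter((p) => p.startsWith('!')).map((p) => p.slice(1));
}

// Buggy (assumed reconstruction of the flagged logic): a prune entry is dropped
// whenever any negation contains "<dir>/" anywhere in the string, so
// `!checkout/**` silently removes `**/out/**` and re-enables traversal of every
// out/ directory in the tree.
function getEffectivePrunePatternsSubstring(userPatterns: readonly string[]): string[] {
  const negs = negations(userPatterns);
  return DEFAULT_PRUNE_PATTERNS.filter((prune) => {
    const dir = prunedDir(prune);
    return !negs.some((neg) => neg.includes(`${dir}/`));
  });
}

// Fixed: compare whole path segments. `!checkout/**` has segments
// ["checkout", "**"], none equal to "out", so `**/out/**` stays pruned;
// `!out/**` or `!src/out/**` still lift the prune because a segment is exactly "out".
function getEffectivePrunePatternsSegment(userPatterns: readonly string[]): string[] {
  const negSegments = negations(userPatterns).map((neg) => neg.split('/').filter(Boolean));
  return DEFAULT_PRUNE_PATTERNS.filter((prune) => {
    const dir = prunedDir(prune);
    return !negSegments.some((segments) => segments.includes(dir));
  });
}

// Constructed input: the three negations from the finding, each naming an
// unrelated directory whose name merely ends in out/build/vendor.
const FALSE_POSITIVE_NEGATIONS: readonly string[] = ['src/**', '!checkout/**', '!rebuild/**', '!somevendor/**'];

function demo(): { substring: string[]; segment: string[] } {
  return {
    substring: getEffectivePrunePatternsSubstring(FALSE_POSITIVE_NEGATIONS), // []  (all prunes lost)
    segment: getEffectivePrunePatternsSegment(FALSE_POSITIVE_NEGATIONS),     // all three prunes kept
  };
}
```

The segment comparison is deliberately strict: it treats `!out/**`, `!**/out/**`, and `!src/out/**` alike as the user opting back into `out` directories, which is the behaviour the substring check was presumably trying to approximate, while refusing to match on a suffix of a longer name.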
Annotations
Check warning on line 55 in packages/warden/src/cli/files.ts
sentry-warden / warden: code-review
`getEffectivePrunePatterns` drops prune entries on substring match, not whole-segment match
Check warning on line 280 in packages/warden/src/cli/files.test.ts
sentry-warden / warden: code-review
[STV-NU3] `getEffectivePrunePatterns` drops prune entries on substring match, not whole-segment match (additional location)