is-safe-filename/index.d.ts at main · sindresorhus/is-safe-filename · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
/**
A list of common unsafe filename fixtures for testing path traversal vulnerabilities.

Useful for testing that your code properly rejects unsafe filenames.

@example
```
import {unsafeFilenameFixtures} from 'is-safe-filename';

for (const filename of unsafeFilenameFixtures) {
	assert.throws(() => myFunction(filename));
}
```
*/
export const unsafeFilenameFixtures: readonly string[];

/**
Checks if a filename is safe to use in a path join operation.

A safe filename is one that won't escape the intended directory via path traversal.

This is a purely lexical check. It does not account for symlinks that may exist on the filesystem.

@param filename - The filename to check.
@returns `true` if the filename is safe.

@example
```
import isSafeFilename from 'is-safe-filename';

isSafeFilename('foo');
//=> true

isSafeFilename('../foo');
//=> false

isSafeFilename('foo/bar');
//=> false
```
*/
export default function isSafeFilename(filename: string): boolean;

/**
Throws an error if the filename is not safe to use in a path join operation.

@param filename - The filename to check.
@throws If the filename is unsafe.

@example
```
import {assertSafeFilename} from 'is-safe-filename';

assertSafeFilename('foo'); // No error

assertSafeFilename('../foo');
//=> Error: Unsafe filename: "../foo"
```
*/
export function assertSafeFilename(filename: string): void;