From 1f1a82268b3c6f29aa9ae654e376bb564f81d672 Mon Sep 17 00:00:00 2001
From: ioedeveloper
Date: Tue, 30 Mar 2021 12:12:16 +0100
Subject: [PATCH] Restrict file operations to shared folder for remixd
---
 libs/remixd/src/utils.ts | 16 ++++++++++++++++
 package.json | 2 +-
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/libs/remixd/src/utils.ts b/libs/remixd/src/utils.ts
index aa8cd28a70..067e5f4113 100644
--- a/libs/remixd/src/utils.ts
+++ b/libs/remixd/src/utils.ts
@@ -12,9 +12,25 @@ import * as pathModule from 'path'
 function absolutePath (path: string, sharedFolder:string): string {
 path = normalizePath(path)
 path = pathModule.resolve(sharedFolder, path)
+ if (!isSubDirectory(pathModule.resolve(process.cwd(), sharedFolder), path)) throw new Error('Cannot read/write to path outside shared folder.')
 return path
 }
 
+/**
+ * returns a true if child is sub-directory of parent.
+ *
+ * @param {String} parent - path to parent directory
+ * @param {String} child - child path
+ * @return {Boolean}
+ */
+function isSubDirectory (parent: string, child: string) {
+ if (!parent) return false
+ if (parent === child) return true
+ const relative = pathModule.relative(parent, child)
+
+ return !!relative && relative.split(pathModule.sep)[0] !== '..'
+}
+
 /**
 * return the relative path of the given @arg path
 *
diff --git a/package.json b/package.json
index 1ebb5e8243..504eadf0b1 100644
--- a/package.json
+++ b/package.json
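Review bot: In `isSubDirectory` (libs/remixd/src/utils.ts) the containment test only rejects a relative path whose first segment is `..`, so a result from `pathModule.relative` that is itself absolute is accepted; Node returns such a value on Windows when parent and child are on different drives. I would make the last line `return !!relative && relative.split(pathModule.sep)[0] !== '..' && !pathModule.isAbsolute(relative)`. The check is also purely lexical: `absolutePath` never calls `fs.realpath`, so a symlink inside the shared folder that points elsewhere still passes, unless callers resolve links themselves (not visible in this hunk). A short comment on `absolutePath` stating that it now throws for paths outside `sharedFolder` would help callers that previously assumed it never throws.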
@@ -85,7 +85,7 @@
 "nightwatch_local_url": "npm run build:e2e & nightwatch --config dist/apps/remix-ide-e2e/nightwatch.js dist/apps/remix-ide-e2e/src/tests/url.test.js --env=chrome",
 "nightwatch_local_verticalIconscontextmenu": "npm run build:e2e & nightwatch --config dist/apps/remix-ide-e2e/nightwatch.js dist/apps/remix-ide-e2e/src/tests/verticalIconsPanel.test.js --env=chrome",
 "onchange": "onchange apps/remix-ide/build/app.js -- npm-run-all lint",
- "remixd": "nx build remixd & nx serve remixd --folder=./apps/remix-ide/contracts --remixide=http://127.0.0.1:8080",
+ "remixd": "nx build remixd && nx serve remixd --folder=./apps/remix-ide/contracts --remixide=http://localhost:8080",
 "selenium": "selenium-standalone start",
 "selenium-install": "selenium-standalone install",
 "sourcemap": "exorcist --root ../ apps/remix-ide/build/app.js.map > apps/remix-ide/build/app.js",
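Review bot: The `remixd` script now passes `--remixide=http://localhost:8080` instead of `http://127.0.0.1:8080`, which is unrelated to the path restriction and is not mentioned in the commit message. If remixd uses this value as the allowed origin for incoming connections (not visible here), an IDE opened at `http://127.0.0.1:8080` becomes a different origin and may be refused, so the change deserves a line in the description or its own commit. The `&` to `&&` change looks right, since `nx serve` now runs only after a successful build.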