Merge pull request #1722 from arturcic/fix/1676

arturcic · web-flow · commit b82e662a7199 · 2025-08-06T01:14:10.000+02:00
#1676 - Fixes file path validation in dotnet tool
diff --git a/.gitignore b/.gitignore
@@ -33,3 +33,5 @@ dist-ssr
 .debug/
 
 junit-report.xml
+
+src/__tests__/test.env
diff --git a/dist/tools/libs/gitversion.mjs b/dist/tools/libs/gitversion.mjs
@@ -122,7 +122,7 @@ class GitVersionTool extends DotnetTool {
       builder.addArgument("/nonormalize");
     }
     if (configFilePath) {
-      if (await this.isValidInputFile("configFilePath", configFilePath)) {
+      if (await this.isValidInputFile(workDir, configFilePath)) {
         builder.addArgument("/config").addArgument(configFilePath);
       } else {
         throw new Error(`GitVersion configuration file not found at ${configFilePath}`);
@@ -139,7 +139,7 @@ class GitVersionTool extends DotnetTool {
     if (updateAssemblyInfo) {
       builder.addArgument("/updateassemblyinfo");
       if (updateAssemblyInfoFilename) {
-        if (await this.isValidInputFile("updateAssemblyInfoFilename", updateAssemblyInfoFilename)) {
+        if (await this.isValidInputFile(workDir, updateAssemblyInfoFilename)) {
           builder.addArgument(updateAssemblyInfoFilename);
         } else {
           throw new Error(`AssemblyInfoFilename file not found at ${updateAssemblyInfoFilename}`);
diff --git a/dist/tools/libs/gitversion.mjs.map b/dist/tools/libs/gitversion.mjs.map
diff --git a/dist/tools/libs/tools.mjs b/dist/tools/libs/tools.mjs
@@ -293,13 +293,18 @@ class DotnetTool {
     args = ["--roll-forward Major", ...args];
     return await this.execute(toolPath, args);
   }
-  async isValidInputFile(input, file) {
-    return this.filePathSupplied(input) && await this.buildAgent.fileExists(file);
-  }
-  filePathSupplied(file) {
-    const pathValue = path.resolve(this.buildAgent.getInput(file) || "");
-    const repoRoot = this.buildAgent.sourceDir;
-    return pathValue !== repoRoot;
+  async isValidInputFile(workDir, file) {
+    if (!file) {
+      this.buildAgent.debug("No file path supplied");
+      return false;
+    }
+    if (path.isAbsolute(file)) {
+      this.buildAgent.debug("File path is absolute");
+      return await this.buildAgent.fileExists(file);
+    }
+    const filePath = path.resolve(workDir, file);
+    this.buildAgent.debug(`Resolved file path: ${filePath}`);
+    return await this.buildAgent.fileExists(filePath);
   }
   async getRepoPath(targetPath) {
     const srcDir = this.buildAgent.sourceDir || ".";
diff --git a/dist/tools/libs/tools.mjs.map b/dist/tools/libs/tools.mjs.map
diff --git a/src/tools/common/dotnet-tool.ts b/src/tools/common/dotnet-tool.ts
@@ -200,14 +200,18 @@ export abstract class DotnetTool implements IDotnetTool {
         return await this.execute(toolPath, args)
     }
 
-    protected async isValidInputFile(input: string, file: string): Promise<boolean> {
-        return this.filePathSupplied(input) && (await this.buildAgent.fileExists(file))
-    }
-
-    protected filePathSupplied(file: string): boolean {
-        const pathValue = path.resolve(this.buildAgent.getInput(file) || '')
-        const repoRoot = this.buildAgent.sourceDir
-        return pathValue !== repoRoot
+    protected async isValidInputFile(workDir: string, file: string): Promise<boolean> {
+        if (!file) {
+            this.buildAgent.debug('No file path supplied')
+            return false
+        }
+        if (path.isAbsolute(file)) {
+            this.buildAgent.debug('File path is absolute')
+            return await this.buildAgent.fileExists(file)
+        }
+        const filePath = path.resolve(workDir, file)
+        this.buildAgent.debug(`Resolved file path: ${filePath}`)
+        return await this.buildAgent.fileExists(filePath)
     }
 
     protected async getRepoPath(targetPath: string): Promise<string> {
diff --git a/src/tools/gitversion/tool.ts b/src/tools/gitversion/tool.ts
@@ -103,7 +103,7 @@ export class GitVersionTool extends DotnetTool {
         }
 
         if (configFilePath) {
-            if (await this.isValidInputFile('configFilePath', configFilePath)) {
+            if (await this.isValidInputFile(workDir, configFilePath)) {
                 builder.addArgument('/config').addArgument(configFilePath)
             } else {
                 throw new Error(`GitVersion configuration file not found at ${configFilePath}`)
@@ -124,7 +124,7 @@ export class GitVersionTool extends DotnetTool {
 
             // You can specify 'updateAssemblyInfo' without 'updateAssemblyInfoFilename'.
             if (updateAssemblyInfoFilename) {
-                if (await this.isValidInputFile('updateAssemblyInfoFilename', updateAssemblyInfoFilename)) {
+                if (await this.isValidInputFile(workDir, updateAssemblyInfoFilename)) {
                     builder.addArgument(updateAssemblyInfoFilename)
                 } else {
                     throw new Error(`AssemblyInfoFilename file not found at ${updateAssemblyInfoFilename}`)
