fix: address PR review feedback — path safety, SQL injection, gate scoping
- Resolve relative filePath against input.cwd before statSync; early-return on ENOENT - Replace LIKE '%path%' with exact json_each equality to prevent false matches - Sanitize and parameterize LIMIT to prevent NaN SQL errors - Fix day-sorting to use earliest epoch in group, not first (specificity-sorted) item - Use exact path equality in deduplicateObservations instead of substring includes - Scope FileReadGate by session+cwd to prevent worktree collisions - Refresh lastAccess TTL on active sessions; throttle prune to every 50 calls - Type params as (string | number)[] instead of any[] - Remove unused permissionDecision fields from HookResult Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Alex Newman
@@ -3,45 +3,65 @@
|
||||
*
|
||||
* In-memory session-scoped gate tracking which files have had their timeline
|
||||
* injected. Prevents duplicate timeline injections within the same session.
|
||||
* Keys include cwd to prevent worktree collisions.
|
||||
*/
|
||||
|
||||
interface SessionEntry {
|
||||
files: Set<string>;
|
||||
createdAt: number;
|
||||
lastAccess: number;
|
||||
}
|
||||
|
||||
const TTL_MS = 4 * 60 * 60 * 1000; // 4 hours
|
||||
|
||||
const sessionGates = new Map<string, SessionEntry>();
|
||||
|
||||
let pruneCallCount = 0;
|
||||
const PRUNE_EVERY_N_CALLS = 50;
|
||||
|
||||
/**
|
||||
* Lazily prune session entries older than the TTL.
|
||||
* Throttled to run every N calls to avoid iterating all sessions on every check.
|
||||
*/
|
||||
function pruneExpiredSessions(): void {
|
||||
pruneCallCount++;
|
||||
if (pruneCallCount < PRUNE_EVERY_N_CALLS) return;
|
||||
pruneCallCount = 0;
|
||||
|
||||
const now = Date.now();
|
||||
for (const [sessionId, entry] of sessionGates) {
|
||||
if (now - entry.createdAt > TTL_MS) {
|
||||
sessionGates.delete(sessionId);
|
||||
for (const [key, entry] of sessionGates) {
|
||||
if (now - entry.lastAccess > TTL_MS) {
|
||||
sessionGates.delete(key);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if this is the first read of a file in a session, and mark it if so.
|
||||
* Build a composite key scoped to session + cwd to prevent worktree collisions.
|
||||
*/
|
||||
function makeKey(sessionId: string, cwd?: string): string {
|
||||
return cwd ? `${sessionId}::${cwd}` : sessionId;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if this is the first read of a file in a session+cwd scope, and mark it if so.
|
||||
* Returns true if this is the first attempt (file was not previously seen).
|
||||
* Returns false if the file was already seen in this session.
|
||||
*/
|
||||
export function checkAndMark(sessionId: string, filePath: string): boolean {
|
||||
export function checkAndMark(sessionId: string, filePath: string, cwd?: string): boolean {
|
||||
pruneExpiredSessions();
|
||||
|
||||
const key = makeKey(sessionId, cwd);
|
||||
const normalizedPath = filePath.replace(/\\/g, '/');
|
||||
|
||||
let entry = sessionGates.get(sessionId);
|
||||
let entry = sessionGates.get(key);
|
||||
if (!entry) {
|
||||
entry = { files: new Set(), createdAt: Date.now() };
|
||||
sessionGates.set(sessionId, entry);
|
||||
entry = { files: new Set(), lastAccess: Date.now() };
|
||||
sessionGates.set(key, entry);
|
||||
}
|
||||
|
||||
// Refresh TTL on every access so active sessions don't get re-blocked
|
||||
entry.lastAccess = Date.now();
|
||||
|
||||
if (entry.files.has(normalizedPath)) {
|
||||
return false;
|
||||
}
|
||||
@@ -52,7 +72,12 @@ export function checkAndMark(sessionId: string, filePath: string): boolean {
|
||||
|
||||
/**
|
||||
* Clear all tracked files for a session (e.g., on session end).
|
||||
* Clears all cwd scopes for the given session.
|
||||
*/
|
||||
export function clearSession(sessionId: string): void {
|
||||
sessionGates.delete(sessionId);
|
||||
for (const key of sessionGates.keys()) {
|
||||
if (key === sessionId || key.startsWith(`${sessionId}::`)) {
|
||||
sessionGates.delete(key);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -127,7 +127,8 @@ export class DataRoutes extends BaseRouteHandler {
|
||||
|
||||
const projectsParam = req.query.projects as string | undefined;
|
||||
const projects = projectsParam ? projectsParam.split(',').filter(Boolean) : undefined;
|
||||
const limit = req.query.limit ? parseInt(req.query.limit as string, 10) : undefined;
|
||||
const parsedLimit = req.query.limit ? parseInt(req.query.limit as string, 10) : undefined;
|
||||
const limit = Number.isFinite(parsedLimit) && parsedLimit! > 0 ? parsedLimit : undefined;
|
||||
|
||||
const db = this.dbManager.getSessionStore().db;
|
||||
const observations = getObservationsByFilePath(db, filePath, { projects, limit });
|
||||
@@ -508,12 +509,12 @@ export class DataRoutes extends BaseRouteHandler {
|
||||
* Returns: { firstAttempt: boolean }
|
||||
*/
|
||||
private handleFileContextGate = this.wrapHandler((req: Request, res: Response): void => {
|
||||
const { sessionId, filePath } = req.body;
|
||||
const { sessionId, filePath, cwd } = req.body;
|
||||
if (!sessionId || !filePath) {
|
||||
this.badRequest(res, 'sessionId and filePath are required');
|
||||
return;
|
||||
}
|
||||
const firstAttempt = checkAndMark(sessionId, filePath);
|
||||
const firstAttempt = checkAndMark(sessionId, filePath, cwd);
|
||||
res.json({ firstAttempt });
|
||||
});
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user