From e17f4f4708111859ba1cd18da085e944fd3badbf Mon Sep 17 00:00:00 2001
From: harshithad0703
Date: Mon, 15 Jul 2024 12:10:18 +0530
Subject: [PATCH] fix: fixed sre vulnerabilities in cleanup.js
---
 tools/cleanup.js | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/tools/cleanup.js b/tools/cleanup.js
index adf170b..557202f 100644
--- a/tools/cleanup.js
+++ b/tools/cleanup.js
@@ -3,10 +3,16 @@ const fs = require('fs');
 const Path = require('path');
 /* eslint-enable */
-const deleteFolderRecursive = (path) => {
+const sanitizePath = (inputPath) => {
+ return Path.normalize(inputPath).replace(/^(\.\.(\/|\\|$))+/, '');
+};
+
+const deleteFolderRecursive = (inputPath) => {
+ const path = sanitizePath(inputPath);
+
 if (fs.existsSync(path)) {
 fs.readdirSync(path).forEach((file) => {
- const curPath = Path.join(path, file);
+ const curPath = Path.join(path, sanitizePath(file));
 if (fs.lstatSync(curPath).isDirectory()) {
 deleteFolderRecursive(curPath);
 } else {
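Review bot: `sanitizePath` strips leading `../` segments instead of rejecting them, so `deleteFolderRecursive('../dist')` silently becomes a recursive delete of `dist` under the current working directory, and an absolute path passes through `Path.normalize` untouched; nothing in the new code confines deletion to a known directory. For a recursive delete, resolving the argument against a fixed base and throwing when the result falls outside it is safer than rewriting the path into a different target. The `sanitizePath(file)` call inside the `readdirSync` loop looks like a no-op, since `readdirSync` returns bare entry names, and could revert to `Path.join(path, file)`. The body of `deleteFolderRecursive` continues past the end of the hunk, and the base directory in the sketch below is an assumption to confirm against the callers.

```javascript
// Assumed base: the directory one level above tools/ — adjust to wherever cleanup targets live.
const CLEANUP_ROOT = Path.resolve(__dirname, '..');

const sanitizePath = (inputPath) => {
  const resolved = Path.resolve(CLEANUP_ROOT, inputPath);
  const rel = Path.relative(CLEANUP_ROOT, resolved);
  // Reject the root itself, anything above it, and (on Windows) a path on another drive.
  if (rel === '' || rel === '..' || rel.startsWith(`..${Path.sep}`) || Path.isAbsolute(rel)) {
    throw new Error(`cleanup: refusing to delete outside ${CLEANUP_ROOT}: ${inputPath}`);
  }
  return resolved;
};

const deleteFolderRecursive = (inputPath) => {
  const path = sanitizePath(inputPath);
  // … unchanged: existsSync check and readdirSync loop header …
      const curPath = Path.join(path, file); // readdirSync yields bare entry names
  // … unchanged: lstatSync branch and recursive call …
```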