npm / move-file Goto Github PK
View Code? Open in Web Editor NEWMove a file across devices with support for all node 10 versions (fork of https://github.com/sindresorhus/move-file)
License: MIT License
Move a file across devices with support for all node 10 versions (fork of https://github.com/sindresorhus/move-file)
License: MIT License
Currently, the move-file forces me to set a destination file. I would like to know if there is a reason behind the fact that setting a destination path=existing folder , does not move files inside?
I would like to use it as "move-file test.file /directory/" but it forces me to use "move-file test.file /directory/test.file"
It may look trivial but when using wildcards that restriction became a problem for me "move-file *.txt /directory/"
The module functions offer no way to specify mode for implicitly created directories so they always create directories world writable. If a user wants to ensure secure directories they have to avoid these methods. Accepting a directory mode would make it possible to use them securely.
World writable resources such as config files can allow other users to control program behavior. In some cases there's code injection through the config file, which can lead to privilege elevation. World writable directories have the same weakness since they allow adding files within them. A world writable config directory /etc/froznator/conf.d
offers a route to controlling program behavior through a new config file. On Linux the umask should usually prevent this but it's not guaranteed. Secure coding standards recommend always specifying a restricted mode so files and directories are secure in any environment. MITRE calls this CWE-732, one of the top 25 most dangerous vulnerabilities.
These lines always create directories without specifying mode. If you used move-file
to eg install default config files, you could end up with a world writable config directory.
Line 71 in ab492ef
Line 122 in ab492ef
This came out of research with CodeQL.
Directories always created world writable.
move-file
to create parent directories with umask set to 000.Implicitly created directories can be secured.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.