l3tchupkt commented on PR #9215: URL: https://github.com/apache/pouchdb/pull/9215#issuecomment-4187166086
@janl @alxndrsn ### Summary of Changes This PR adds secure database name validation to the LevelDB adapter, aligned with CouchDB rules. **Security** * Enforces regex: `^[a-z][a-z0-9_$()+/-]*$` * Rejects path traversal patterns and unsafe characters * Prevents misuse of database names in filesystem operations **Implementation** * Validation occurs during adapter initialization * Ensures `callback` is always a function * Adds `databaseDir` option for separating storage path from database name * Uses `dbPath` for LevelDB while keeping `name` for cache identity **Tests** * Added adapter-level validation tests * Covers invalid names, traversal patterns, and valid cases * All tests passing **Breaking Change** Database names must now follow CouchDB conventions and invalid names are rejected at initialization. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
