From 0d52a4f5d5f9a44f2f61709ca1fc234267d4f2b2 Mon Sep 17 00:00:00 2001
From: Volodymyr Kolesnykov <volodymyr@wildwolf.name>
Date: Mon, 15 Jan 2024 12:57:01 +0200
Subject: [PATCH] fix(dev-env): CWE-377, CWE-378 originating from
 `xdgDataDirectory()`

---
 src/lib/dev-environment/dev-environment-core.ts | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/lib/dev-environment/dev-environment-core.ts b/src/lib/dev-environment/dev-environment-core.ts
index 181288fe1..ca046f0e6 100644
--- a/src/lib/dev-environment/dev-environment-core.ts
+++ b/src/lib/dev-environment/dev-environment-core.ts
@@ -5,7 +5,6 @@ import ejs from 'ejs';
 import { prompt } from 'enquirer';
 import fetch from 'node-fetch';
 import fs from 'node:fs';
-import os from 'node:os';
 import path from 'node:path';
 import semver from 'semver';
 import { v4 as uuid } from 'uuid';
@@ -86,7 +85,13 @@ interface WordPressTag {
 }
 
 function xdgDataDirectory(): string {
-	return xdgBasedir.data?.length ? xdgBasedir.data : os.tmpdir();
+	if ( xdgBasedir.data ) {
+		return xdgBasedir.data;
+	}
+
+	// This should not happen. If it does, this means that the system was unable to find user's home directory.
+	// If so, this does not leave us many options as to where to store the data.
+	throw new Error( 'Unable to determine data directory.' );
 }
 
 export async function startEnvironment(