Merge pull request #1652 from Automattic/GH-1651

fix(dev-env): CWE-367 in `getConfigurationFileOptions()`
Automattic · Jan 18, 2024 · 78540be · 78540be
2 parents 74d8efd + 88641d8
commit 78540be
Showing 1 changed file with 9 additions and 10 deletions.
diff --git a/src/lib/dev-environment/dev-environment-configuration-file.ts b/src/lib/dev-environment/dev-environment-configuration-file.ts
@@ -1,8 +1,7 @@
 import chalk from 'chalk';
 import debugLib from 'debug';
-import { constants } from 'fs';
 import yaml, { FAILSAFE_SCHEMA } from 'js-yaml';
-import { access, readFile } from 'node:fs/promises';
+import { readFile } from 'node:fs/promises';
 import path from 'node:path';
 
 import * as exit from '../cli/exit';
@@ -17,15 +16,15 @@ export async function getConfigurationFileOptions(): Promise< ConfigurationFileO
 	const configurationFilePath = path.join( process.cwd(), CONFIGURATION_FILE_NAME );
 	let configurationFileContents = '';
 
-	const fileExists = await access( configurationFilePath, constants.R_OK )
-		.then( () => true )
-		.catch( () => false );
-
-	if ( fileExists ) {
-		debug( 'Reading configuration file from:', configurationFilePath );
+	try {
 		configurationFileContents = await readFile( configurationFilePath, 'utf8' );
-	} else {
-		return {};
+		debug( 'Read configuration file from %s', configurationFilePath );
+	} catch ( err ) {
+		if ( ( err as NodeJS.ErrnoException ).code === 'ENOENT' ) {
+			return {};
+		}
+
+		throw err;
 	}
 
 	let configurationFromFile: Record< string, unknown > = {};