extern/nushell
1
0
Fork 1
mirror of https://github.com/nushell/nushell.git synced 2025-01-10 16:28:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix root directory traversal issue (#14747)

Browse Source 
fixes : #13729 

During dot expansion, the "parent" was added even if it was after the
root (`/../../`).
Added additional check that skips appending elements to the path
representation if the parent folder is the root folder.
This commit is contained in:
Bark 2025-01-05 15:13:19 +02:00 committed by GitHub
parent b5ff46db6a
commit 87a562e24b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
crates/nu-path/src/dots.rs
View File

@ -60,7 +60,13 @@ pub fn expand_dots(path: impl AsRef<Path>) -> PathBuf {
Component::CurDir if last_component_is_normal(&result) => { Component::CurDir if last_component_is_normal(&result) => {
// no-op // no-op
} }
_ => result.push(component), _ => {
let prev_component = result.components().last();
if prev_component == Some(Component::RootDir) && component == Component::ParentDir {
continue;
}
result.push(component)
}
} }
} }
@ -215,11 +221,7 @@ mod test_expand_dots {
#[test] #[test]
fn backtrack_to_root() { fn backtrack_to_root() {
let path = Path::new("/foo/bar/../../../../baz"); let path = Path::new("/foo/bar/../../../../baz");
let expected = if cfg!(windows) { let expected = if cfg!(windows) { r"\baz" } else { "/baz" };
r"\..\..\baz"
} else {
"/../../baz"
};
assert_path_eq!(expand_dots(path), expected); assert_path_eq!(expand_dots(path), expected);
} }
} }