Fix root directory traversal issue (#14747)

fixes : #13729 During dot expansion, the "parent" was added even if it was after the root (`/../../`). Added additional check that skips appending elements to the path representation if the parent folder is the root folder.
2025-01-10 08:18:57 +01:00 · 2025-01-05 15:13:19 +02:00 · 2025-01-05 15:13:19 +02:00 · 87a562e24b
commit 87a562e24b
parent b5ff46db6a
1 changed files with 8 additions and 6 deletions
--- a/crates/nu-path/src/dots.rs
+++ b/crates/nu-path/src/dots.rs
@ -60,7 +60,13 @@ pub fn expand_dots(path: impl AsRef<Path>) -> PathBuf {
            Component::CurDir if last_component_is_normal(&result) => {
                // no-op
            }
-            _ => result.push(component),
+            _ => {
+                let prev_component = result.components().last();
+                if prev_component == Some(Component::RootDir) && component == Component::ParentDir {
+                    continue;
+                }
+                result.push(component)
+            }
        }
    }

@ -215,11 +221,7 @@ mod test_expand_dots {
    #[test]
    fn backtrack_to_root() {
        let path = Path::new("/foo/bar/../../../../baz");
-        let expected = if cfg!(windows) {
-            r"\..\..\baz"
-        } else {
-            "/../../baz"
-        };
+        let expected = if cfg!(windows) { r"\baz" } else { "/baz" };
        assert_path_eq!(expand_dots(path), expected);
    }
 }