[ fix ] Prevent relative path traversal in elaborator scripts #3101
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Compile-time file operations introduced in #3099 attempt to check file paths and prevent exiting the directory specified by
LookupDir
. This safeguard, however, can be easily fooled by the use of./
as part of the path. For instance, the following call would result in the creation or modification of a file outside the project directory:This occurs because the introduced function
pathDoesNotEscape
performs the check by tracking how deep the provided relative path goes down in the directory tree, making sure it doesn't go up more than it goes down. It, however, treats "." like a regular directory, allowing the user to increase the depth perceived by the function "for free". This PR adds special handling of the "." directory in the path to prevent escaping via this mechanism.