marcoallegretti/WEFT_OS
marcoallegretti/WEFT_OS
1
0
Fork 0
mirror of https://github.com/marcoallegretti/WEFT_OS.git synced 2026-03-27 01:13:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
WEFT_OS/crates/weft-file-portal
History
Marco Allegretti 8eace960c2 fix(file-portal): block dotdot path-traversal in is_allowed 
Path::starts_with is component-aware but does not resolve .., so
/allowed/../etc/passwd would pass the check. Add normalize_path() that
lexically resolves . and .. components without touching the filesystem
so the check works on non-existent paths too. Add regression test.
2026-03-11 18:54:25 +01:00
..
src fix(file-portal): block dotdot path-traversal in is_allowed 2026-03-11 18:54:25 +01:00
Cargo.toml feat: weft-file-portal -- sandboxed file access broker 2026-03-11 15:52:33 +01:00