cartomancer 0.8.0

PR review tool with blast radius awareness — opengrep + cartog + LLM
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207

//! Path security utilities — prevent path traversal attacks.

use std::path::{Path, PathBuf};

use anyhow::{bail, Result};

/// Lexically normalize a path by resolving `.` and `..` components.
/// Unlike `canonicalize()`, this does not require the path to exist.
fn normalize_path(path: &Path) -> PathBuf {
    let mut normalized = PathBuf::new();
    for component in path.components() {
        match component {
            std::path::Component::ParentDir => {
                normalized.pop();
            }
            std::path::Component::CurDir => {} // skip `.`
            other => normalized.push(other),
        }
    }
    normalized
}

/// Validate that a relative path stays within the base directory.
///
/// Rejects:
/// - Paths that resolve outside `base_dir` (e.g. `../../etc/passwd`)
/// - Absolute paths that don't start with `base_dir` (e.g. `/etc/passwd`)
///
/// For paths to existing files/dirs, uses canonical resolution.
/// For non-existent paths, uses lexical component analysis as a fallback.
pub fn validate_path_within(base_dir: &Path, relative: &str) -> Result<PathBuf> {
    let relative = relative.trim();
    if relative.is_empty() {
        bail!("path is empty");
    }

    let candidate = Path::new(relative);

    // Reject absolute paths that clearly don't belong under base_dir.
    if candidate.is_absolute() {
        let base_canonical = base_dir
            .canonicalize()
            .unwrap_or_else(|_| normalize_path(base_dir));
        let candidate_canonical = candidate
            .canonicalize()
            .unwrap_or_else(|_| normalize_path(candidate));
        if !candidate_canonical.starts_with(&base_canonical) {
            bail!(
                "path '{}' is absolute and outside project directory (path traversal blocked)",
                relative
            );
        }
        return Ok(candidate_canonical);
    }

    let resolved = base_dir.join(relative);

    // If the path exists, use canonicalize for definitive resolution (follows symlinks).
    if resolved.exists() {
        let canonical = resolved.canonicalize()?;
        let base_canonical = base_dir.canonicalize()?;
        if !canonical.starts_with(&base_canonical) {
            bail!(
                "path '{}' resolves outside project directory (path traversal blocked)",
                relative
            );
        }
        return Ok(canonical);
    }

    // For non-existent paths, do lexical component analysis.
    // Reject if any component is `..` that would escape the base.
    let mut depth: i32 = 0;
    for component in candidate.components() {
        match component {
            std::path::Component::ParentDir => {
                depth -= 1;
                if depth < 0 {
                    bail!(
                        "path '{}' escapes project directory (path traversal blocked)",
                        relative
                    );
                }
            }
            std::path::Component::Normal(_) => {
                depth += 1;
            }
            std::path::Component::CurDir => {} // `.` — no change
            _ => {
                bail!(
                    "path '{}' contains unexpected component (path traversal blocked)",
                    relative
                );
            }
        }
    }

    Ok(resolved)
}

#[cfg(test)]
mod tests {
    use super::*;
    use std::fs;

    #[test]
    fn valid_relative_path() {
        let tmp = tempfile::tempdir().unwrap();
        let rules_dir = tmp.path().join(".cartomancer").join("rules");
        fs::create_dir_all(&rules_dir).unwrap();

        let result = validate_path_within(tmp.path(), ".cartomancer/rules");
        assert!(result.is_ok(), "got: {:?}", result);
        assert_eq!(result.unwrap(), rules_dir.canonicalize().unwrap());
    }

    #[test]
    fn parent_traversal_rejected() {
        let tmp = tempfile::tempdir().unwrap();
        let result = validate_path_within(tmp.path(), "../../etc/passwd");
        assert!(result.is_err());
        assert!(
            result.unwrap_err().to_string().contains("path traversal"),
            "should mention path traversal"
        );
    }

    #[test]
    fn absolute_path_outside_project_rejected() {
        let tmp = tempfile::tempdir().unwrap();
        let result = validate_path_within(tmp.path(), "/etc/passwd");
        assert!(result.is_err());
        assert!(result.unwrap_err().to_string().contains("path traversal"));
    }

    #[test]
    fn absolute_path_with_dotdot_traversal_rejected() {
        let tmp = tempfile::tempdir().unwrap();
        let base = tmp.path().canonicalize().unwrap();
        // /base/../etc/passwd — lexically starts with /base but normalizes outside
        let malicious = format!("{}/../etc/passwd", base.display());
        let result = validate_path_within(tmp.path(), &malicious);
        assert!(result.is_err(), "got: {:?}", result);
        assert!(result.unwrap_err().to_string().contains("path traversal"));
    }

    #[test]
    fn empty_path_rejected() {
        let tmp = tempfile::tempdir().unwrap();
        let result = validate_path_within(tmp.path(), "");
        assert!(result.is_err());
    }

    #[test]
    fn nonexistent_valid_relative_accepted() {
        let tmp = tempfile::tempdir().unwrap();
        // Path doesn't exist but is validly relative
        let result = validate_path_within(tmp.path(), "some/future/dir");
        assert!(result.is_ok());
    }

    #[test]
    fn nonexistent_traversal_rejected() {
        let tmp = tempfile::tempdir().unwrap();
        let result = validate_path_within(tmp.path(), "../outside/secret.env");
        assert!(result.is_err());
        assert!(result.unwrap_err().to_string().contains("path traversal"));
    }

    #[test]
    fn dot_current_dir_accepted() {
        let tmp = tempfile::tempdir().unwrap();
        let result = validate_path_within(tmp.path(), "./rules");
        assert!(result.is_ok());
    }

    #[cfg(unix)]
    #[test]
    fn symlink_outside_project_rejected() {
        let tmp = tempfile::tempdir().unwrap();
        let outside = tempfile::tempdir().unwrap();
        let secret_file = outside.path().join("secret.txt");
        fs::write(&secret_file, "secret data").unwrap();

        // Create symlink inside project pointing outside
        let link_path = tmp.path().join("evil-link");
        std::os::unix::fs::symlink(&secret_file, &link_path).unwrap();

        let result = validate_path_within(tmp.path(), "evil-link");
        assert!(result.is_err());
        assert!(result.unwrap_err().to_string().contains("path traversal"));
    }

    #[cfg(unix)]
    #[test]
    fn symlink_within_project_accepted() {
        let tmp = tempfile::tempdir().unwrap();
        let real_dir = tmp.path().join("real-rules");
        fs::create_dir(&real_dir).unwrap();

        let link_path = tmp.path().join("rules-link");
        std::os::unix::fs::symlink(&real_dir, &link_path).unwrap();

        let result = validate_path_within(tmp.path(), "rules-link");
        assert!(result.is_ok());
    }
}