greentic-dev 0.5.5

Developer CLI and local tooling for Greentic flows, packs, and components
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

use std::path::{Path, PathBuf};

use anyhow::{Context, Result};

/// Normalize a user-supplied path and ensure it stays within an allowed root.
/// Reject absolute paths and any that escape via `..`.
pub fn normalize_under_root(root: &Path, candidate: &Path) -> Result<PathBuf> {
    let canonical_root = root
        .canonicalize()
        .with_context(|| format!("failed to canonicalize root {}", root.display()))?;

    let resolved = if candidate.is_absolute() {
        candidate.to_path_buf()
    } else {
        canonical_root.join(candidate)
    };

    let canon = resolved
        .canonicalize()
        .with_context(|| format!("failed to canonicalize {}", resolved.display()))?;

    if !canon.starts_with(&canonical_root) {
        anyhow::bail!(
            "path escapes root ({}): {}",
            canonical_root.display(),
            canon.display()
        );
    }

    Ok(canon)
}