fetch_ml

History

Jeremie Fraeys 17d5c75e33 fix(security): Path validation improvements for symlink resolution Fix ValidatePath to correctly resolve symlinks and handle edge cases: - Resolve symlinks before boundary check to prevent traversal - Handle macOS /private prefix correctly - Add fallback for non-existent paths (parent directory resolution) - Double boundary checks: before AND after symlink resolution - Prevent race conditions between check and use Update path traversal tests: - Correct test expectations for "..." (three dots is valid filename, not traversal) - Add tests for symlink escape attempts - Add unicode attack tests - Add deeply nested traversal tests Security impact: Prevents path traversal via symlink following in artifact scanning and other file operations.	2026-02-23 19:44:16 -05:00
..
filetype.go	feat(security): implement comprehensive security hardening phases 1-5,7	2026-02-23 18:00:33 -05:00
secure.go	fix(security): Path validation improvements for symlink resolution	2026-02-23 19:44:16 -05:00

fix(security): Path validation improvements for symlink resolution

Fix ValidatePath to correctly resolve symlinks and handle edge cases:
- Resolve symlinks before boundary check to prevent traversal
- Handle macOS /private prefix correctly
- Add fallback for non-existent paths (parent directory resolution)
- Double boundary checks: before AND after symlink resolution
- Prevent race conditions between check and use

Update path traversal tests:
- Correct test expectations for "..." (three dots is valid filename, not traversal)
- Add tests for symlink escape attempts
- Add unicode attack tests
- Add deeply nested traversal tests

Security impact: Prevents path traversal via symlink following in artifact
scanning and other file operations.

2026-02-23 19:44:16 -05:00

filetype.go

feat(security): implement comprehensive security hardening phases 1-5,7

2026-02-23 18:00:33 -05:00

secure.go

fix(security): Path validation improvements for symlink resolution

2026-02-23 19:44:16 -05:00