From a0fc50fcdb307ae69b59b55aa0e277f0660ebc00 Mon Sep 17 00:00:00 2001
From: Paul Cristian Sarbu <paul.cristian.sarbu@huawei.com>
Date: Mon, 13 Jan 2025 13:14:07 +0100
Subject: just-mr setup: Fix ensuring 'subdir' only accepts non-upwards paths

...which implicitly also enforces non-absolute.

(cherry-picked from 311c88641e3b4be067ed6575369b401288e8984c)

This ensures that there is no access outside the root directory of
a Git checkout or the temporary unpack directory of an archive.
---
 src/other_tools/utils/parse_archive.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'src/other_tools/utils/parse_archive.cpp')

diff --git a/src/other_tools/utils/parse_archive.cpp b/src/other_tools/utils/parse_archive.cpp
index 267d2d2d..72ed5c5d 100644
--- a/src/other_tools/utils/parse_archive.cpp
+++ b/src/other_tools/utils/parse_archive.cpp
@@ -18,6 +18,7 @@
 
 #include "fmt/core.h"
 #include "src/buildtool/crypto/hash_info.hpp"
+#include "src/utils/cpp/path.hpp"
 
 auto ParseArchiveContent(ExpressionPtr const& repo_desc,
                          std::string const& origin)
@@ -121,9 +122,9 @@ auto ParseArchiveDescription(ExpressionPtr const& repo_desc,
                                             ? repo_desc_subdir->String()
                                             : "")
                       .lexically_normal();
-    if (subdir.is_absolute()) {
+    if (not PathIsNonUpwards(subdir)) {
         (*logger)(fmt::format("ArchiveCheckout: Expected field \"subdir\" to "
-                              "be a relative path, but found {}",
+                              "be a non-upwards path, but found {}",
                               subdir.string()),
                   /*fatal=*/true);
         return std::nullopt;
-- 
cgit v1.2.3