SteelDynamite/onyx-tasks
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

fix(tauri): reject "/" root path in workspace validation

Browse source 
trim_end_matches('/') collapses "/" to "", which then isn't matched by
the forbidden list, so a root-filesystem workspace slipped through. Keep
"/" as the canonical form when the stripped value is empty.
This commit is contained in:
Claude 2026-04-19 07:08:42 +00:00
parent 065118789f
commit 4e8f7c4536
No known key found for this signature in database
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
apps/tauri/src-tauri/src/lib.rs
View file

@ -79,7 +79,10 @@ fn validate_workspace_path(path: &str) -> Result<(), String> {
#[cfg(unix)] #[cfg(unix)]
{ {
let forbidden = ["/", "/etc", "/usr", "/bin", "/sbin", "/var", "/proc", "/sys", "/dev"]; let forbidden = ["/", "/etc", "/usr", "/bin", "/sbin", "/var", "/proc", "/sys", "/dev"];
// Strip trailing slashes, but keep "/" itself — trim_end_matches would
// collapse it to "" and slip past the forbidden check.
let canonical = normalized.trim_end_matches('/'); let canonical = normalized.trim_end_matches('/');
let canonical = if canonical.is_empty() { "/" } else { canonical };
if forbidden.contains(&canonical) { if forbidden.contains(&canonical) {
return Err(format!("Cannot use system directory as workspace: {}", path)); return Err(format!("Cannot use system directory as workspace: {}", path));
} }