From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 11 Feb 2025 16:39:00 +0000 (+0000)
Subject: backend: Perform some path validation
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=681565d70293a1d2d6ceec888acd3c2c89b0a2ec;p=pbs.git

backend: Perform some path validation

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/buildservice/__init__.py b/src/buildservice/__init__.py
index bcff0b0c..3aff14de 100644
--- a/src/buildservice/__init__.py
+++ b/src/buildservice/__init__.py
@@ -160,7 +160,17 @@ class Backend(object):
 		"""
 			Takes a relative path and makes it absolute
 		"""
-		return os.path.join(self.basepath, *args)
+		# Make the path
+		path = os.path.join(self.basepath, *args)
+
+		# Make the path absolute
+		path = os.path.abspath(path)
+
+		# Ensure that the path is inside the base path
+		if not path.startswith("%s/" % self.basepath):
+			raise ValueError("Invalid path: %s" % path)
+
+		return path
 
 	def relpath(self, path):
 		"""