Prevent repoSpec path from exiting repo

2026-06-13 01:50:55 +00:00 · 2022-11-23 14:29:22 -08:00
parent 62f0dab2ac
commit 07063a2652
4 changed files with 38 additions and 0 deletions
--- a/api/loader/fileloader.go
+++ b/api/loader/fileloader.go
@@ -222,6 +222,13 @@ func newLoaderAtGitClone(
 			"'%s' refers to file '%s'; expecting directory",
 			repoSpec.AbsPath(), f)
 	}
+	// Path in repo can contain symlinks that exit repo. We can only
+	// check for this after cloning repo.
+	if !root.HasPrefix(repoSpec.CloneDir()) {
+		_ = cleaner()
+		return nil, fmt.Errorf("%q refers to directory outside of repo %q", repoSpec.AbsPath(),
+			repoSpec.CloneDir())
+	}
 	return &fileLoader{
 		// Clones never allowed to escape root.
 		loadRestrictor: RestrictionRootOnly,