src/DeepPurge.Core/Safety
@@ -97,6 +97,8 @@ public static bool IsPathSafeToDelete(string path)
9797 {
9898 if ( string . IsNullOrWhiteSpace ( path ) ) return false ;
9999
100+ if ( path . Contains ( ".." ) ) return false ;
101+
100102 var normalized = Path . GetFullPath ( path ) . TrimEnd ( '\\ ' ) ;
101103
102104 // Never delete protected files
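Review bot: The added guard `if (path.Contains(".."))` matches two dots anywhere in the string rather than as a path segment, so an ordinary file name (a constructed example: `C:\Temp\archive..bak`) is refused along with real traversal. Comparing segments keeps the intent without that false positive, e.g. `if (path.Split(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar).Contains("..")) return false;` (needs System.Linq; `Array.IndexOf(...) >= 0` works without it). Because `Path.GetFullPath` on the next line already collapses `..`, the protected-location checks on `normalized` remain the authoritative barrier, and a comment saying so would stop a later maintainer from treating this line as the whole defence. GetFullPath does not resolve junctions or symbolic links, so a link placed under an allowed directory would presumably need its own check. The rest of IsPathSafeToDelete lies outside the hunk, so that check may already exist.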
@@ -26,6 +26,17 @@ public void Blocks_protected_paths(string path)
2626 Assert . False ( SafetyGuard . IsPathSafeToDelete ( path ) , $ "Should reject { path } ") ;
2727 }
2828
29+ [ Theory ]
30+ [ InlineData ( @"C:\Users\Public\..\..\..\Windows\System32\config\SAM" ) ]
31+ [ InlineData ( @"C:\Temp\..\Windows\System32" ) ]
32+ [ InlineData ( @"C:\Users\alice\..\..\bootmgr" ) ]
33+ [ InlineData ( @".." ) ]
34+ [ InlineData ( @"C:\safe\path\..\..\Windows" ) ]
35+ public void Blocks_path_traversal ( string path )
36+ {
37+ Assert . False ( SafetyGuard . IsPathSafeToDelete ( path ) , $ "Should reject traversal path: { path } ") ;
38+ }
39+
2940 [ Theory ]
3041 [ InlineData ( @"C:\Users\alice\AppData\Local\Temp\setup.tmp" ) ]
3142 [ InlineData ( @"D:\some\user\file.txt" ) ]
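Review bot: All of the new `Blocks_path_traversal` cases except the bare `..` resolve into a protected location (Windows, System32, bootmgr), so they would presumably pass on the existing normalized-path checks alone and do not pin the new `..` rejection. Add a case whose resolved target is otherwise deletable, e.g. `[InlineData(@"C:\Users\alice\..\bob\file.txt")]` (constructed), plus a forward-slash form such as `[InlineData(@"C:/Temp/../Windows/System32")]`. A case with dots inside a file name, e.g. `C:\Temp\archive..bak`, placed in whichever theory matches the intended behaviour, would document whether such names are meant to be rejected.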