fix: reject paths containing .. segments before normalization in SafetyGuard

SysAdminDoc · SysAdminDoc · commit c9eb7ce7acc7 · 2026-06-16T22:10:25.000-04:00
diff --git a/src/DeepPurge.Core/Safety/SafetyGuard.cs b/src/DeepPurge.Core/Safety/SafetyGuard.cs
@@ -97,6 +97,8 @@ public static bool IsPathSafeToDelete(string path)
     {
         if (string.IsNullOrWhiteSpace(path)) return false;
 
+        if (path.Contains("..")) return false;
+
         var normalized = Path.GetFullPath(path).TrimEnd('\\');
 
         // Never delete protected files
diff --git a/tests/DeepPurge.Tests/SafetyGuardTests.cs b/tests/DeepPurge.Tests/SafetyGuardTests.cs
@@ -26,6 +26,17 @@ public void Blocks_protected_paths(string path)
         Assert.False(SafetyGuard.IsPathSafeToDelete(path), $"Should reject {path}");
     }
 
+    [Theory]
+    [InlineData(@"C:\Users\Public\..\..\..\Windows\System32\config\SAM")]
+    [InlineData(@"C:\Temp\..\Windows\System32")]
+    [InlineData(@"C:\Users\alice\..\..\bootmgr")]
+    [InlineData(@"..")]
+    [InlineData(@"C:\safe\path\..\..\Windows")]
+    public void Blocks_path_traversal(string path)
+    {
+        Assert.False(SafetyGuard.IsPathSafeToDelete(path), $"Should reject traversal path: {path}");
+    }
+
     [Theory]
     [InlineData(@"C:\Users\alice\AppData\Local\Temp\setup.tmp")]
     [InlineData(@"D:\some\user\file.txt")]

Original file line number	Diff line number	Diff line change
`@@ -97,6 +97,8 @@ public static bool IsPathSafeToDelete(string path)`
`97`	`97`	`{`
`98`	`98`	`if (string.IsNullOrWhiteSpace(path)) return false;`
`99`	`99`
	`100`	`+ if (path.Contains("..")) return false;`
	`101`	`+`
`100`	`102`	`var normalized = Path.GetFullPath(path).TrimEnd('\\');`
`101`	`103`
`102`	`104`	`// Never delete protected files`