Skip to content

Commit de07e08

Browse files
Mpdreamzclaude
Mpdreamz
and
claude
committed
Harden branding image symlink check to cover ancestor directories (#3261)
Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
1 parent 93c4917 commit de07e08

1 file changed

Lines changed: 4 additions & 2 deletions

File tree

src/Elastic.Documentation.Configuration/Builder/ConfigurationFile.cs

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,7 @@
1111
using Elastic.Documentation.Diagnostics;
1212
using Elastic.Documentation.Extensions;
1313
using Elastic.Documentation.Links;
14+
using static Elastic.Documentation.Configuration.SymlinkValidator;
1415

1516
namespace Elastic.Documentation.Configuration.Builder;
1617

@@ -330,10 +331,11 @@ private static BrandingConfiguration ValidateBranding(BrandingConfiguration bran
330331
return null;
331332
}
332333

333-
if (resolved.LinkTarget is not null)
334+
var symlinkError = ValidateFileAccess(resolved, context.DocumentationSourceDirectory);
335+
if (symlinkError is not null)
334336
{
335337
context.EmitError(context.ConfigurationPath,
336-
$"'{fieldName}' path '{imagePath}' is a symbolic link, which is not allowed for branding images.");
338+
$"'{fieldName}' path '{imagePath}' is unsafe: {symlinkError}");
337339
return null;
338340
}
339341

0 commit comments

Comments
 (0)