fairagro · JensKrumsieck · May 29, 2026
diff --git a/packages/core/src/project.rs b/packages/core/src/project.rs
@@ -5,7 +5,7 @@
 use std::env;
 use std::{
     fs,
-    path::{Path, PathBuf},
+    path::{Component, Path, PathBuf},
 };
 use std::{fs::File, io::Write};
 
@@ -48,7 +48,7 @@
        .unwrap_or_default()
        .to_string_lossy()
        .into_owned();
    fs::write(dir.join("workflow.toml"), toml::to_string_pretty(&cfg)?)?;

    Ok(())
 }
@@ -61,21 +61,21 @@
 const GITIGNORE_CONTENT: &str = include_str!("../resources/default.gitignore");

 fn init_git_repo(base_dir: &Path) -> anyhow::Result<Repository> {
    if !base_dir.exists() {
        fs::create_dir_all(base_dir)
            .with_context(|| format!("Could not create Repository at {base_dir:?}"))?;
    }
    let repo = Repository::init(base_dir)
        .with_context(|| format!("Could not init Repository at {base_dir:?}"))?;

    let gitignore_path = base_dir.join(PathBuf::from(".gitignore"));
    if !gitignore_path.exists() {
        fs::write(&gitignore_path, GITIGNORE_CONTENT)
            .with_context(|| format!("Could not create .gitignore file in {base_dir:?}"))?;
    }

    //append .s4n folder to .gitignore, whatever it may contains
    let mut gitignore = fs::OpenOptions::new().append(true).open(gitignore_path)?;
    writeln!(gitignore, "\n.s4n")?;

    Ok(repo)
@@ -83,48 +83,61 @@

 fn create_minimal_folder_structure(base_dir: &Path) -> anyhow::Result<()> {
    // Create the base directory
    if !base_dir.exists() {
        fs::create_dir_all(base_dir)?;
    }

    // Check and create subdirectories
    let workflows_dir = base_dir.join("workflows");
    if !workflows_dir.exists() {
        fs::create_dir_all(&workflows_dir)?;
    }
    File::create(workflows_dir.join(".gitkeep"))?;

    Ok(())
 }
 
 fn verify_base_dir(folder: &Path) -> Result<PathBuf> {
-    let path = if folder.is_absolute() {
-        folder.to_path_buf()
-    } else {
-        env::current_dir()?.join(folder)
-    };
+    let cwd = env::current_dir()?.canonicalize()?;
+
+    if folder.is_absolute() {
+        anyhow::bail!("Provided path must be relative to the current working directory: {folder:?}");
+    }
+
+    if folder
+        .components()
+        .any(|component| matches!(component, Component::ParentDir))
+    {
+        anyhow::bail!("Provided path must not contain parent directory traversal ('..'): {folder:?}");
+    }
 
-    if path.exists() {
+    let path = cwd.join(folder);
+
+    let resolved = if path.exists() {
         if path.is_file() {
             anyhow::bail!("Provided path is a file, expected a directory: {path:?}");
         }
 
-        return path
-            .canonicalize()
-            .with_context(|| format!("Could not canonicalize {path:?}"));
-    }
+        path.canonicalize()
+            .with_context(|| format!("Could not canonicalize {path:?}"))?
+    } else {
+        let parent = path.parent().context("Path has to parent")?;
+        let parent = parent.canonicalize()?;
+        let foldername = path.file_name().context("Path has to filename")?;
+        parent.join(foldername)
+    };
 
-    let parent = path.parent().context("Path has to parent")?;
-    let parent = parent.canonicalize()?;
-    let foldername = path.file_name().context("Path has to filename")?;
+    if !resolved.starts_with(&cwd) {
+        anyhow::bail!("Resolved path escapes current working directory: {resolved:?}");
+    }
 
-    Ok(parent.join(foldername))
+    Ok(resolved)
 }
 
 fn create_arc_folder_structure(base_dir: &Path) -> anyhow::Result<()> {
    // Create the base directory
    if !base_dir.exists() {
        fs::create_dir_all(base_dir)
            .with_context(|| format!("Could not create folder at {base_dir:?}"))?;
    }