diff options
| author | Wojtek Kosior <koszko@koszko.org> | 2024-01-24 21:38:49 +0100 |
|---|---|---|
| committer | Wojtek Kosior <koszko@koszko.org> | 2024-01-25 18:11:04 +0100 |
| commit | 5e95240b6e40d3574b51b597051662a157c0b7d8 (patch) | |
| tree | c05709dfde9df67649591f1ed8ea5cc8d1eae02f /src | |
| parent | 3759cd33f45bebbd5b6a8682f053bc410afaef18 (diff) | |
| download | cantius-5e95240b6e40d3574b51b597051662a157c0b7d8.tar.gz cantius-5e95240b6e40d3574b51b597051662a157c0b7d8.zip | |
Forbid `.` and `..` in loaded resource file paths.
Diffstat (limited to 'src')
| -rw-r--r-- | src/guile/cantius.scm | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/guile/cantius.scm b/src/guile/cantius.scm index fe8131a..af37a32 100644 --- a/src/guile/cantius.scm +++ b/src/guile/cantius.scm @@ -24,8 +24,20 @@ +(define %illegal-path-regex + ;; Forbid `.` and `..` segments in paths. + (make-regexp "^(.*/)?[.][.]?(/.*)?$")) + +(define legal-path? + (negate (cut regexp-exec %illegal-path-regex <>))) + (export find-resource-file) (define* (find-resource-file file #:optional (root-path (%resource-root-path))) + (unless (legal-path? file) + (raise (condition + (&error) + (&message (message (format #f "Illegal path ~a" file)))))) + (let loop ((paths root-path)) (match paths (() |