Skip to content

🔒 Potential directory traversal via unvalidated parent_tag #259

Description

@asmit25805

🔒 Security · 🟠 High · Confidence: 96%

File: crates/forkd-cli/src/hub.rs
Location: parent_dir


What's wrong

The code joins a potentially unsafe parent_tag directly onto snap_root without validation, allowing path traversal. The problematic line is: let parent_dir = snap_root.join(&parent_tag);

Suggested fix

Validate parent_tag before using it in a path join, rejecting tags that contain path separators or "..". For example:

if parent_tag.contains('/') || parent_tag.contains('\\') || parent_tag == ".." || parent_tag.contains("../") {
    bail!("unsafe parent_tag '{}', possible directory traversal", parent_tag);
}
let parent_dir = snap_root.join(&parent_tag);

About this report

This finding was generated by an automated audit tool using Llama 3.3 70B + verification passes.
Only findings with ≥92% confidence that passed both LLM self-verification and line reference
verification are reported. False positives are still possible — please verify before acting.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions