diff options
| author | Craig Jennings <c@cjennings.net> | 2026-05-08 23:24:19 -0500 |
|---|---|---|
| committer | Craig Jennings <c@cjennings.net> | 2026-05-08 23:24:19 -0500 |
| commit | c1e162cc74f00d5251a7a5eedcc8dd7eb9870459 (patch) | |
| tree | 97c4021870004bb8a4da79a5a0a4c728eaa36631 | |
| parent | bb47b95fbb26128986c4afa87cec227d8a43c402 (diff) | |
| download | rulesets-c1e162cc74f00d5251a7a5eedcc8dd7eb9870459.tar.gz rulesets-c1e162cc74f00d5251a7a5eedcc8dd7eb9870459.zip | |
fix(gmail): Improve safe_filename to handle .. prefixes
Strip leading ".." sequences instead of stripping all leading dots,
so dotfiles like ".gitignore" are preserved while still preventing
directory traversal via "../foo" style names. ```
| -rwxr-xr-x | .ai/scripts/gmail-fetch-attachments.py | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/.ai/scripts/gmail-fetch-attachments.py b/.ai/scripts/gmail-fetch-attachments.py index 8aa2789..b42101c 100755 --- a/.ai/scripts/gmail-fetch-attachments.py +++ b/.ai/scripts/gmail-fetch-attachments.py @@ -123,8 +123,17 @@ def collect_attachments(payload: dict) -> list[dict]: def safe_filename(name: str) -> str: - """Strip path separators. Preserve everything else.""" - return name.replace("/", "_").replace("\\", "_").lstrip(".") + """Strip path separators and leading parent-dir markers (..). + + Path separators become underscores so the filename can't escape the + output directory. Leading ".." sequences are stripped so an attachment + named "../foo" lands as "_foo" rather than ".._foo". Single leading + dots are preserved so dotfiles like ".gitignore" survive intact. + """ + cleaned = name.replace("/", "_").replace("\\", "_") + while cleaned.startswith(".."): + cleaned = cleaned[2:] + return cleaned def main() -> int: |