fix: assure valid path components are never plain . or ...

Byron · Byron · commit a4801fe1817d · 2025-04-15T13:04:52.000+02:00
diff --git a/gix-validate/src/path.rs b/gix-validate/src/path.rs
@@ -20,6 +20,8 @@ pub mod component {
         DotGitDir,
         #[error("The .gitmodules file must not be a symlink")]
         SymlinkedGitModules,
+        #[error("Relative components '.' and '..' are disallowed")]
+        Relative,
     }
 
     /// Further specify what to check for in [`component()`](super::component())
@@ -78,6 +80,9 @@ pub fn component(
     if input.is_empty() {
         return Err(component::Error::Empty);
     }
+    if input == ".." || input == "." {
+        return Err(component::Error::Relative);
+    }
     if protect_windows {
         if input.find_byteset(br"/\").is_some() {
             return Err(component::Error::PathSeparator);
diff --git a/gix-validate/tests/path/mod.rs b/gix-validate/tests/path/mod.rs
@@ -253,6 +253,10 @@ mod component {
         mktest!(con_with_extension, b"CON.abc", Error::WindowsReservedName);
         mktest!(con_with_middle, b"CON.tar.xz", Error::WindowsReservedName);
         mktest!(con_mixed_with_middle, b"coN.tar.xz ", Error::WindowsReservedName);
+        mktest!(dot_dot, b"..", Error::Relative);
+        mktest!(dot_dot_no_opts, b"..", Error::Relative, NO_OPTS);
+        mktest!(single_dot, b".", Error::Relative);
+        mktest!(single_dot_no_opts, b".", Error::Relative, NO_OPTS);
         mktest!(
             conout_mixed_with_extension,
             b"ConOut$  .xyz",
