🔒 Security · 🟠 High · Confidence: 96%
File: crates/forkd-cli/src/hub.rs
Location: parent_dir
What's wrong
The code joins a potentially unsafe parent_tag directly onto snap_root without validation, allowing path traversal. The problematic line is: let parent_dir = snap_root.join(&parent_tag);
Suggested fix
Validate parent_tag before using it in a path join, rejecting tags that contain path separators or "..". For example:
// Assumes anyhow's `bail!` macro is in scope (use anyhow::bail;).
// Accept only a single plain path component: reject separators (this also
// rejects absolute paths, which Path::join would use to replace snap_root
// entirely) and the parent-directory component "..". A separator check
// already covers "../", so no separate test for it is needed.
if parent_tag.contains('/') || parent_tag.contains('\\') || parent_tag == ".." {
    bail!("unsafe parent_tag '{}', possible directory traversal", parent_tag);
}
let parent_dir = snap_root.join(&parent_tag);
About this report
This finding was generated by an automated audit tool using Llama 3.3 70B + verification passes.
Only findings with ≥92% confidence that passed both LLM self-verification and line reference
verification are reported. False positives are still possible — please verify before acting.