Rust: tained path: improve example

aibaars · aibaars · commit cb615f2ef36a · 2025-03-13T18:47:13.000+01:00
diff --git a/rust/ql/src/queries/security/CWE-022/examples/TaintedPathGoodFolder.rs b/rust/ql/src/queries/security/CWE-022/examples/TaintedPathGoodFolder.rs
@@ -5,6 +5,7 @@ use std::{env::home_dir, fs, path::PathBuf};
 fn tainted_path_handler(Query(file_path): Query<String>) -> Result<String, Error> {
     let public_path = home_dir().unwrap().join("public");
     let file_path = public_path.join(PathBuf::from(file_path));
+    let file_path = file_path.canonicalize().unwrap();
     // GOOD: ensure that the path stays within the public folder
     if !file_path.starts_with(public_path) {
         return Err(Error::from_status(StatusCode::BAD_REQUEST));
diff --git a/rust/ql/test/query-tests/security/CWE-022/src/main.rs b/rust/ql/test/query-tests/security/CWE-022/src/main.rs
@@ -28,6 +28,7 @@ fn tainted_path_handler_folder_good(
 ) -> Result<String> {
     let public_path = home_dir().unwrap().join("public");
     let file_path = public_path.join(PathBuf::from(file_path));
+    let file_path = file_path.canonicalize().unwrap();
     // GOOD: ensure that the path stays within the public folder
     if !file_path.starts_with(public_path) {
         return Err(Error::from_status(StatusCode::BAD_REQUEST));
