Merge pull request #12991 from gkurz/opa-fix-traversal-regex

genpolicy: Fix matching of `..` in paths
2026-05-17 13:04:23 +00:00 · 2026-05-06 11:59:00 +02:00
parent bdaa65e29d 56eda1686c
commit 75bde1483e
1 changed files with 1 additions and 1 deletions
--- a/src/tools/genpolicy/rules.rego
+++ b/src/tools/genpolicy/rules.rego
@@ -1520,7 +1520,7 @@ strip_cap_prefix(s) := result if {
 }

 check_directory_traversal(i_path) if {
-    not regex.match("(^|/)..($|/)", i_path)
+    not regex.match("(^|/)\\.\\.($|/)", i_path)
 }

 allow_sandbox_storages(i_storages) if {