fix(io): break import cycle between pkg/log and pkg/io (#330)
The security logging in io/local creates a cycle: pkg/log/rotation.go imports pkg/io (for Medium) pkg/io/local/client.go imports pkg/log (for Security()) Remove the log import and rely on the os.ErrPermission return value to signal sandbox escape attempts. Callers can log at their level. Fixes build failure on dev branch introduced by #329. Co-authored-by: Claude <developers@lethean.io>
This commit is contained in:
Vi
GitHub
parent
070f0c7c71
commit
bb74f87e30
2 changed files with 1 additions and 9 deletions
7
go.work
7
go.work
|
|
@ -1,7 +0,0 @@
|
|||
go 1.25.5
|
||||
|
||||
use (
|
||||
.
|
||||
../core-gui
|
||||
./internal/core-ide
|
||||
)
|
||||
|
|
@ -8,7 +8,6 @@ import (
|
|||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
"github.com/host-uk/core/pkg/log"
|
||||
)
|
||||
|
||||
// Medium is a local filesystem storage backend.
|
||||
|
|
@ -85,7 +84,7 @@ func (m *Medium) validatePath(p string) (string, error) {
|
|||
// Verify the resolved part is still within the root
|
||||
rel, err := filepath.Rel(m.root, realNext)
|
||||
if err != nil || strings.HasPrefix(rel, "..") {
|
||||
log.Security("sandbox escape detected", "root", m.root, "path", p, "attempted", realNext, "user", log.Username())
|
||||
// Security event: sandbox escape attempt (path escapes root)
|
||||
return "", os.ErrPermission // Path escapes sandbox
|
||||
}
|
||||
current = realNext
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue