fix: address review feedback — path traversal validation, cancellation handling, lazy tracker init

michidk · michidk · commit 084341734bdc · 2026-03-29T18:40:53.000+02:00
- Validate config names in add()/rm() to prevent path traversal (P1)
- Devcontainer selection cancellation now errors instead of silently
  falling through to host-mode launch (P2)
- History tracker only initialized for open/recent commands, so
  config/container commands don't fail on corrupt history (P2)
diff --git a/src/config_store.rs b/src/config_store.rs
@@ -115,6 +115,7 @@ impl ConfigStore {
 
     /// Creates a minimal config with the given name.
     pub fn add(&self, name: &str) -> Result<PathBuf> {
+        Self::validate_name(name)?;
         let root = self.dir.join(name);
         if root.exists() {
             bail!("Config '{}' already exists at: {}", name, root.display());
@@ -138,6 +139,7 @@ impl ConfigStore {
 
     /// Removes a config by name.
     pub fn rm(&self, name: &str) -> Result<()> {
+        Self::validate_name(name)?;
         let root = self.dir.join(name);
         if !root.exists() {
             bail!("Config '{}' not found", name);
@@ -163,6 +165,19 @@ impl ConfigStore {
         Ok(())
     }
 
+    fn validate_name(name: &str) -> Result<()> {
+        if name.is_empty()
+            || name.contains('/')
+            || name.contains('\\')
+            || name.contains('\0')
+            || name == "."
+            || name == ".."
+        {
+            bail!("Invalid config name: '{name}'");
+        }
+        Ok(())
+    }
+
     /// Tries to resolve a plain name to a devcontainer.json path within the config directory.
     fn resolve_name(&self, name: &str) -> Option<PathBuf> {
         let candidate = self
diff --git a/src/launch.rs b/src/launch.rs
@@ -128,7 +128,10 @@ impl Setup {
                     trace!("Selected the only existing dev container.");
                     Ok(dev_containers.into_iter().next())
                 }
-                _ => Ok(crate::ui::pick_devcontainer(dev_containers)?),
+                _ => Ok(Some(
+                    crate::ui::pick_devcontainer(dev_containers)?
+                        .ok_or_else(|| eyre!("Dev container selection cancelled"))?,
+                )),
             }
         }
     }
diff --git a/src/main.rs b/src/main.rs
@@ -32,6 +32,16 @@ use crate::{
     workspace::Workspace,
 };
 
+fn load_tracker(history_path: Option<PathBuf>) -> Result<Tracker> {
+    let path = history_path.unwrap_or_else(|| {
+        let mut p = dirs::data_local_dir().expect("Local data dir not found.");
+        p.push("vscli");
+        p.push("history.json");
+        p
+    });
+    Tracker::load(path)
+}
+
 fn resolve_launch_config(config: Option<&PathBuf>, store: &ConfigStore) -> Result<Option<PathBuf>> {
     config
         .map(|c| {
@@ -57,20 +67,9 @@ fn main() -> Result<()> {
 
     let config_store = ConfigStore::new(opts.config_dir);
 
-    let mut tracker = {
-        let tracker_path = if let Some(path) = opts.history_path {
-            path
-        } else {
-            let mut tracker_path = dirs::data_local_dir().expect("Local data dir not found.");
-            tracker_path.push("vscli");
-            tracker_path.push("history.json");
-            tracker_path
-        };
-        Tracker::load(tracker_path)?
-    };
-
     match opts.command {
         opts::Commands::Open { path, launch } => {
+            let mut tracker = load_tracker(opts.history_path)?;
             let path = path.as_path();
             let ws = Workspace::from_path(path)?;
             let ws_name = ws.name.clone();
@@ -97,12 +96,14 @@ fn main() -> Result<()> {
                 behavior,
                 last_opened: Utc::now(),
             });
+            tracker.store()?;
         }
         opts::Commands::Recent {
             launch,
             hide_instructions,
             hide_info,
         } => {
+            let mut tracker = load_tracker(opts.history_path)?;
             let res = ui::start(&mut tracker, hide_instructions, hide_info)?;
             if let Some((id, mut entry)) = res {
                 let ws = Workspace::from_path(&entry.workspace_path)?;
@@ -144,6 +145,7 @@ fn main() -> Result<()> {
                     },
                 );
             }
+            tracker.store()?;
         }
         opts::Commands::Config { action } => {
             let editor = std::env::var("VSCLI_EDITOR").unwrap_or_else(|_| "code".to_string());
@@ -155,8 +157,6 @@ fn main() -> Result<()> {
         }
     }
 
-    tracker.store()?;
-
     Ok(())
 }
 

Original file line number	Diff line number	Diff line change
`@@ -128,7 +128,10 @@ impl Setup {`
`128`	`128`	`trace!("Selected the only existing dev container.");`
`129`	`129`	`Ok(dev_containers.into_iter().next())`
`130`	`130`	`}`
`131`		`- _ => Ok(crate::ui::pick_devcontainer(dev_containers)?),`
	`131`	`+ _ => Ok(Some(`
	`132`	`+ crate::ui::pick_devcontainer(dev_containers)?`
	`133`	`+ .ok_or_else(\|\| eyre!("Dev container selection cancelled"))?,`
	`134`	`+ )),`
`132`	`135`	`}`
`133`	`136`	`}`
`134`	`137`	`}`