@ekuboo100 ekuboo100 commented Dec 17, 2025

This change hardens path validation to ensure that all resolved paths remain strictly within the allowed root directory, even when crafted with traversal patterns.

The fix applies the following best practices:

  • Resolve the candidate path after cleaning and joining.
  • Convert both the root directory and candidate path to absolute paths.
  • Verify that the candidate path is a child of the root directory using a strict prefix check that includes a path separator (to prevent prefix bypasses such as /root_bad).
  • Reject any path that attempts directory traversal or absolute path usage.

Specifically:

  • The isValid() function (lines 112–132) is updated to enforce root-bound path resolution.
  • Requests containing traversal patterns or paths escaping the asset root are rejected before filesystem access.

This ensures that no user-supplied path can escape the intended filesystem boundary.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Technical debt
  • Tests only (no source changes)

Checklist:

  • Code changes
  • Unit tests added
  • Acceptance tests added
  • Documentation ticket raised:

@ekuboo100 ekuboo100 requested a review from LukasHirt as a code owner December 17, 2025 21:37
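
The check described in the pull request description above, as an added example that is not the project's code or part of this PR: a hypothetical Go helper `resolveUnderRoot` (the choice of Go, the helper name, the error value and the `/srv/assets` root are all assumptions). It decides on the resolved result, so a `..` segment that stays inside the root is accepted, which may be looser than the rule the PR itself applies.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// errEscapesRoot is a hypothetical sentinel error for this example.
var errEscapesRoot = errors.New("path escapes root")

// resolveUnderRoot (hypothetical name) joins a user-supplied relative path
// onto root and returns it only if the result is root itself or a child of it.
func resolveUnderRoot(root, userPath string) (string, error) {
	// Absolute input is refused outright instead of being re-rooted by Join.
	if filepath.IsAbs(userPath) {
		return "", errEscapesRoot
	}
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	// Join cleans the result, so ".." segments are collapsed before the check.
	candidate, err := filepath.Abs(filepath.Join(absRoot, userPath))
	if err != nil {
		return "", err
	}
	// Compare against root plus a separator: "/srv/assets_bad" shares the
	// string prefix "/srv/assets" but not "/srv/assets/".
	sep := string(filepath.Separator)
	prefix := strings.TrimSuffix(absRoot, sep) + sep
	if candidate != absRoot && !strings.HasPrefix(candidate, prefix) {
		return "", errEscapesRoot
	}
	return candidate, nil
}

func main() {
	// Constructed sample inputs; "/srv/assets" is an assumed asset root.
	for _, p := range []string{"css/app.css", "../assets_bad/x", "a/../../etc/passwd", "/etc/passwd"} {
		got, err := resolveUnderRoot("/srv/assets", p)
		fmt.Printf("%-22q -> %q, %v\n", p, got, err)
	}
}
```

This check is purely lexical: it does not follow symlinks, so a deployment where links can exist under the root would also need `filepath.EvalSymlinks` on both paths before the comparison.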

update-docs bot commented Dec 17, 2025

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.
