From 8f53384bbc035c8430449802e1718a142b4c2a57 Mon Sep 17 00:00:00 2001
From: "aikido-autofix[bot]" <119856028+aikido-autofix[bot]@users.noreply.github.com>
Date: Thu, 26 Mar 2026 16:35:02 +0000
Subject: [PATCH] fix(security): autofix Path traversal attack possible
---
 src/keys.rs | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/src/keys.rs b/src/keys.rs
index 87f33ef..4119737 100644
--- a/src/keys.rs
+++ b/src/keys.rs
@@ -92,13 +92,22 @@ impl DatasetLayout {
 let mut running_total = 0u64;
 for &path in local_paths {
- let file_name = Path::new(path)
+ // Prevent path traversal attacks by rejecting paths containing '..'.
+ let p = Path::new(path);
+ if p.components().any(|c| c == std::path::Component::ParentDir) {
+ return Err(DataFusionError::Execution(format!(
+ "Invalid input: {}",
+ p.display()
+ )));
+ }
+
+ let file_name = p
 .file_name()
 .and_then(|n| n.to_str())
 .ok_or_else(|| DataFusionError::Execution(format!("invalid path: {path}")))?;
 file_keys.push(format!("{key_prefix}{file_name}"));
- let f = fs::File::open(path)
+ let f = fs::File::open(p)
 .map_err(|e| DataFusionError::Execution(format!("open {path}: {e}")))?;
 let builder = ParquetRecordBatchReaderBuilder::try_new(f)
 .map_err(|e| DataFusionError::Execution(format!("read footer {path}: {e}")))?;
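Review bot: The added `Component::ParentDir` check in the `for &path in local_paths` loop is purely lexical and does not confine reads to any directory: an absolute path or a symlink still reaches `fs::File::open(p)`, and the object key was already built from `file_name()` alone, which yields only the final component. It also rejects relative inputs with a leading `..` that were accepted before this change. If `local_paths` can come from an untrusted caller (not visible in this hunk), the guard should instead resolve the path with `fs::canonicalize` and require `starts_with` an allowed root directory. The error text should state the reason and match its neighbours, e.g. `format!("invalid path (parent-directory component not allowed): {path}")` rather than `"Invalid input: {}"`. The loop body continues past the end of the hunk.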