From 3830861a1dd720d4f798ebfb5d63c976ca629347 Mon Sep 17 00:00:00 2001 From: dbarabashh Date: Sat, 23 Aug 2025 15:53:44 +0100 Subject: [PATCH 1/2] fix(rule-tester): normalize paths before checking if they escape cwd --- packages/rule-tester/src/RuleTester.ts | 2 +- packages/rule-tester/tests/filename.test.ts | 36 +++++++++++++++++++++ 2 files changed, 37 insertions(+), 1 deletion(-) diff --git a/packages/rule-tester/src/RuleTester.ts b/packages/rule-tester/src/RuleTester.ts index c81f7296e189..25f572952719 100644 --- a/packages/rule-tester/src/RuleTester.ts +++ b/packages/rule-tester/src/RuleTester.ts @@ -210,7 +210,7 @@ export class RuleTester extends TestFramework { // file name (`foo.ts`), don't change the base path. if ( filename != null && - (path.isAbsolute(filename) || filename.startsWith('..')) + (path.isAbsolute(filename) || path.normalize(filename).startsWith('..')) ) { basePath = path.parse( path.resolve(basePath ?? process.cwd(), filename), diff --git a/packages/rule-tester/tests/filename.test.ts b/packages/rule-tester/tests/filename.test.ts index 0e9656702e95..edbf557aae69 100644 --- a/packages/rule-tester/tests/filename.test.ts +++ b/packages/rule-tester/tests/filename.test.ts @@ -57,6 +57,24 @@ describe('rule tester filename', () => { errors: [{ messageId: 'foo' }], filename: '../foo.js', }, + { + name: 'non-normalized relative path starting with ./', + code: '_', + errors: [{ messageId: 'foo' }], + filename: './../../escaped/cwd/file.ts', + }, + { + name: 'non-normalized relative path ./../', + code: '_', + errors: [{ messageId: 'foo' }], + filename: './../foo.js', + }, + { + name: 'non-normalized relative path with multiple ./', + code: '_', + errors: [{ messageId: 'foo' }], + filename: '././../foo.js', + }, ], valid: [], }); @@ -81,6 +99,24 @@ describe('rule tester filename', () => { errors: [{ messageId: 'foo' }], filename: '../foo.js', }, + { + name: 'non-normalized relative path starting with ./', + code: '_', + errors: [{ messageId: 'foo' }], + filename: './../../escaped/cwd/file.ts', + }, + { + name: 'non-normalized relative path ./../', + code: '_', + errors: [{ messageId: 'foo' }], + filename: './../foo.js', + }, + { + name: 'non-normalized relative path with multiple ./', + code: '_', + errors: [{ messageId: 'foo' }], + filename: '././../foo.js', + }, ], valid: [], }); From 6ff0c5a37043ea9609adfe2db932234084a816cf Mon Sep 17 00:00:00 2001 From: dbarabashh Date: Thu, 28 Aug 2025 20:34:27 +0100 Subject: [PATCH 2/2] added test cases --- packages/rule-tester/tests/filename.test.ts | 36 +++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/packages/rule-tester/tests/filename.test.ts b/packages/rule-tester/tests/filename.test.ts index edbf557aae69..8f3442cf670a 100644 --- a/packages/rule-tester/tests/filename.test.ts +++ b/packages/rule-tester/tests/filename.test.ts @@ -75,6 +75,24 @@ describe('rule tester filename', () => { errors: [{ messageId: 'foo' }], filename: '././../foo.js', }, + { + name: 'non-normalized path a/../../', + code: '_', + errors: [{ messageId: 'foo' }], + filename: 'a/../../file.ts', + }, + { + name: 'non-normalized path a/b/../c', + code: '_', + errors: [{ messageId: 'foo' }], + filename: 'a/b/../c', + }, + { + name: 'non-normalized path with multiple slashes', + code: '_', + errors: [{ messageId: 'foo' }], + filename: 'a/////////////../../../b', + }, ], valid: [], }); @@ -117,6 +135,24 @@ describe('rule tester filename', () => { errors: [{ messageId: 'foo' }], filename: '././../foo.js', }, + { + name: 'non-normalized path a/../../', + code: '_', + errors: [{ messageId: 'foo' }], + filename: 'a/../../file.ts', + }, + { + name: 'non-normalized path a/b/../c', + code: '_', + errors: [{ messageId: 'foo' }], + filename: 'a/b/../c', + }, + { + name: 'non-normalized path with multiple slashes', + code: '_', + errors: [{ messageId: 'foo' }], + filename: 'a/////////////../../../b', + }, ], valid: [], });