From c9fd0d8391d8a2e39b05269d21e79261ae57c1e6 Mon Sep 17 00:00:00 2001
From: Catherine <whitequark@whitequark.org>
Date: Tue, 22 Aug 2023 16:20:44 +0000
Subject: [PATCH] build.run: prohibit absolute paths in `BuildPlan.add_file`.

This makes the build impure and also causes the contents of a file
outside of the build directory to be overwritten.

The check in `BuildPlan.execute_local` is also expanded to cover
the possibility of an absolute path sneaking through.
---
 amaranth/build/run.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/amaranth/build/run.py b/amaranth/build/run.py
index 47e8f99..c4b5783 100644
--- a/amaranth/build/run.py
+++ b/amaranth/build/run.py
@@ -33,6 +33,9 @@ class BuildPlan:
         forward slashes (``/``).
         """
         assert isinstance(filename, str) and filename not in self.files
+        if (pathlib.PurePosixPath(filename).is_absolute or
+                pathlib.PureWindowsPath(filename).is_absolute):
+            raise ValueError(f"Filename {filename!r} must not be an absolute path")
         self.files[filename] = content
 
     def digest(self, size=64):
@@ -78,9 +81,9 @@ class BuildPlan:
 
             for filename, content in self.files.items():
                 filename = pathlib.Path(filename)
-                # Forbid parent directory components completely to avoid the possibility
-                # of writing outside the build root.
-                assert ".." not in filename.parts
+                # Forbid parent directory components and absolute paths completely to avoid
+                # the possibility of writing outside the build root.
+                assert not filename.is_absolute and ".." not in filename.parts
                 dirname = os.path.dirname(filename)
                 if dirname:
                     os.makedirs(dirname, exist_ok=True)