From 56d14cea73990bbc888142a8457b2b5cb3e9db7a Mon Sep 17 00:00:00 2001
From: Greyforge Admin
Date: Tue, 19 May 2026 22:34:15 -0400
Subject: [PATCH] Normalize repeated execpolicy path separators
---
 src/cortex-execpolicy/src/detection.rs | 51 ++++++++++++++++++++++++--
 1 file changed, 47 insertions(+), 4 deletions(-)
diff --git a/src/cortex-execpolicy/src/detection.rs b/src/cortex-execpolicy/src/detection.rs
index 3c8b8d854..06a456201 100644
--- a/src/cortex-execpolicy/src/detection.rs
+++ b/src/cortex-execpolicy/src/detection.rs
@@ -17,7 +17,23 @@ impl<'a> DetectionHelper<'a> {
 /// Normalize a path for comparison.
 pub fn normalize_path(path: &str) -> String {
- let mut normalized = path.replace("//", "/");
+ let mut normalized = String::with_capacity(path.len());
+ let mut previous_was_slash = false;
+
+ for ch in path.chars() {
+ let ch = if ch == '\\' { '/' } else { ch };
+
+ if ch == '/' {
+ if previous_was_slash {
+ continue;
+ }
+ previous_was_slash = true;
+ } else {
+ previous_was_slash = false;
+ }
+
+ normalized.push(ch);
+ }
 // Handle trailing slashes
 while normalized.len() > 1 && normalized.ends_with('/') {
@@ -29,9 +45,6 @@ impl<'a> DetectionHelper<'a> {
 normalized = normalized.replacen('~', "/home", 1);
 }
- // Handle Windows paths
- normalized = normalized.replace('\\', "/");
-
 normalized
 }
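Review bot: The new loop in `normalize_path` unifies and collapses separators but still passes `.` and `..` segments through unchanged, so `/etc/./shadow` normalizes to a different string than `/etc/shadow`. `is_sensitive_path` is not visible in this patch; if it compares the normalized string against a fixed list, as the new tests suggest, such spellings would presumably not match. Either resolve dot segments in the same pass or state the limit in the doc comment, e.g. `/// Lexical only: collapses separators and trims trailing slashes; "." and ".." segments and symlinks are not resolved.` Note also that backslashes are now converted before the trailing-slash trim, so a trailing `\` is trimmed too, which the commit message does not mention; the function body continues between this hunk and the next (tilde handling) and was not reviewed.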
@@ -994,3 +1007,33 @@ impl<'a> DetectionHelper<'a> {
 }
 }
 }
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+
+ #[test]
+ fn normalize_path_collapses_repeated_slashes() {
+ assert_eq!(
+ DetectionHelper::normalize_path("///etc/shadow"),
+ "/etc/shadow"
+ );
+ assert_eq!(
+ DetectionHelper::normalize_path("////etc//shadow///"),
+ "/etc/shadow"
+ );
+ assert_eq!(
+ DetectionHelper::normalize_path("C:\\\\Windows\\System32"),
+ "C:/Windows/System32"
+ );
+ }
+
+ #[test]
+ fn sensitive_path_detects_repeated_leading_slashes() {
+ let config = PolicyConfig::default();
+ let helper = DetectionHelper::new(&config);
+
+ assert!(helper.is_sensitive_path("///etc/shadow"));
+ assert!(helper.is_sensitive_path("////etc//shadow"));
+ }
+}
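Review bot: `normalize_path_collapses_repeated_slashes` does not pin the two cases whose result this commit changes beyond plain repeated slashes: a backslash directly next to a slash, and a trailing backslash. Under the old order (collapse `//` first, convert `\` last) both left a doubled or trailing separator in the output, so a regression to that order would pass the current assertions. Add `assert_eq!(DetectionHelper::normalize_path("/etc\\/shadow\\"), "/etc/shadow");` to that test, and consider a matching `is_sensitive_path` assertion in `sensitive_path_detects_repeated_leading_slashes`.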