fix: Potential fix for code scanning alert no. 14: Uncontrolled data used in path expression (#11)

* Potential fix for code scanning alert no. 14: Uncontrolled data used in path expression

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* fix: address review comments on safePath - skip empty segments and reuse resolved baseDir

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: skyoo2003

internal/services/s3/store.go

@@ -44,22 +44,36 @@ func validPathComponent(part string) error {
 // escape the base directory. It returns an error on path traversal attempts.
 // All components must be single path segments (no separators).
 func (fs *FileStore) safePath(parts ...string) (string, error) {
-	joined := filepath.Join(append([]string{fs.baseDir}, parts...)...)
-	cleaned := filepath.Clean(joined)
-
-	// Resolve symlinks if the candidate path exists; otherwise use cleaned.
-	candidate := cleaned
-	if resolved, err := filepath.EvalSymlinks(cleaned); err == nil {
+	cleanParts := make([]string, 0, len(parts))
+	for _, part := range parts {
+		if part == "" {
+			continue
+		}
+		if filepath.IsAbs(part) {
+			return "", fmt.Errorf("absolute path segment not allowed: %s", part)
+		}
+		cleanPart := filepath.Clean(part)
+		if cleanPart == ".." || strings.HasPrefix(cleanPart, ".."+string(filepath.Separator)) {
+			return "", fmt.Errorf("path traversal detected in segment: %s", part)
+		}
+		cleanParts = append(cleanParts, cleanPart)
+	}
+
+	candidate := filepath.Join(append([]string{fs.baseDir}, cleanParts...)...)
+
+	// Resolve symlinks if the candidate path exists; otherwise use the joined path.
+	if resolved, err := filepath.EvalSymlinks(candidate); err == nil {
 		candidate = resolved
 	}
 
 	rel, err := filepath.Rel(fs.baseDir, candidate)
 	if err != nil {
 		return "", fmt.Errorf("resolve relative path: %w", err)
 	}
-	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
+	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) || filepath.IsAbs(rel) {
 		return "", fmt.Errorf("path traversal detected: %s", candidate)
 	}
+
 	return candidate, nil
 }