You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We should do some validation; it is used to construct filesystem paths and abstract unix socket paths, which is a starting point for defining length contraints and invalid characters (i.e. we probably don't want to allow anything that would result in ../../.. or similar).
We also construct paths from the containerd namespace, container/task ID, and potentially other parameters provided by clients. We need to do validation on those too (probably even if containerd currently has some form of validation on them for an extra layer of assurance). We should audit our codebase for any other examples of user inputs being used to construct paths.