Replace string prefix matching with Path.is_relative_to() to correctly
handle Windows paths like "C:\" where trailing backslash caused double
separator issues (e.g., "C:\\" instead of "C:\").
Changes:
- Use Path.is_relative_to() for subdirectory detection (requires Python 3.9+)
- Add Windows path handling tests using PureWindowsPath
- Update test_utils.py to expect /etc/passwd to be blocked (security fix)
The is_dangerous_path() function only did exact string matching,
allowing attackers to bypass protection by accessing subdirectories:
- /etc was blocked but /etc/passwd was allowed
- C:\Windows was blocked but C:\Windows\System32\... was allowed
This minimal fix changes is_dangerous_path() to use PREFIX MATCHING:
- Now blocks dangerous directories AND all their subdirectories
- Paths like /etcbackup are still allowed (not under /etc)
- No changes to DANGEROUS_PATHS list
Security:
- Fixes CWE-22: Path Traversal vulnerability
- Reported by: Team off-course (K-Shield.Jr 15th)
Fixes#312Fixes#293
