From 5b7951051df6aa5ab8d243e388c4357c166e9102 Mon Sep 17 00:00:00 2001
From: Kujtim Hoxha <kujtimii.h@gmail.com>
Date: Thu, 31 Jul 2025 20:33:22 +0200
Subject: [PATCH] fix: improve path prefix checking reliability

- Replace HasPrefix implementation to use filepath.Rel instead of filepath.Abs
- More reliable method to determine if a path is within a prefix
- Returns false on error conditions
- Preserves same public API for external usage

This addresses review feedback about improving the path checking logic.
---
 internal/fsext/fileutil.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/internal/fsext/fileutil.go b/internal/fsext/fileutil.go
index d0d47eaed4aa946db50a9c5c4a50a0b214e92b0b..5fea26c4bbfa0c490ff4a95b7067605bea7504ff 100644
--- a/internal/fsext/fileutil.go
+++ b/internal/fsext/fileutil.go
@@ -273,12 +273,12 @@ func PathOrPrefix(path, prefix string) string {
 }
 
 // HasPrefix checks if the given path starts with the specified prefix.
+// Uses filepath.Rel to determine if path is within prefix.
 func HasPrefix(path, prefix string) bool {
-	if abs, err := filepath.Abs(path); err == nil {
-		path = abs
-	}
-	if abs, err := filepath.Abs(prefix); err == nil {
-		prefix = abs
+	rel, err := filepath.Rel(prefix, path)
+	if err != nil {
+		return false
 	}
-	return strings.HasPrefix(path, prefix)
+	// If path is within prefix, Rel will not return a path starting with ".."
+	return !strings.HasPrefix(rel, "..")
 }