fix(config): prevent path traversal manipulation of target changelog …

…location
python-semantic-release · Jul 4, 2024 · 43e35d0 · 43e35d0
1 parent be4919c
commit 43e35d0
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/semantic_release/cli/config.py b/semantic_release/cli/config.py
@@ -568,15 +568,15 @@ def from_raw_config(  # noqa: C901
         )
 
         # changelog_file
-        changelog_file = Path(raw.changelog.changelog_file).resolve()
+        changelog_file = Path(raw.changelog.changelog_file).expanduser().resolve()
 
         # Prevent path traversal attacks
         if raw.repo_dir not in changelog_file.parents:
             raise InvalidConfiguration(
                 "Changelog file destination must be inside of the repository directory."
             )
 
-        template_dir = (raw.repo_dir / raw.changelog.template_dir).resolve()
+        template_dir = Path(raw.changelog.template_dir).expanduser().resolve()
 
         # Prevent path traversal attacks
         if raw.repo_dir not in template_dir.parents: