Replace Path.Combine with Path.Join (#2997)

* Replace Path.Combine with Path.Join across all C# files

Path.Join is preferred over Path.Combine because it does not treat
absolute path segments as rooted, preventing potential path traversal
issues. See dotnet/runtime#24263

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Fix IDE0370: remove unnecessary null-forgiving operators in ChangelogRemoveService

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Address CodeRabbit review: path traversal hardening, URL construction fixes, and shared utilities

- Add UrlPath static class for URL-safe path joining (always '/', normalises backslashes)
- Add Paths.ValidateSinglePathSegment shared utility; remove duplicated copies
- GitLinkIndexReader: replace IsPathRooted check with full-path containment
  validation to block '..' traversal segments
- DetectionRuleFile: handle Windows path separator in relative path prefix trim
- HtmlWriter: use UrlPath.Join/JoinUrl instead of Path.Join for URL construction
- RepositorySourcesFetcher: use Paths.ValidateSinglePathSegment before joining
  repo.Name into filesystem paths
- DocumentationWebHost: verify slug-derived path stays under ApiPath
- StaticWebHost: verify slug-derived path stays under content root
- SiteNavigationTests: remove redundant nested Path.Join call

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Fix import ordering in HtmlWriter.cs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Forward appendRepositoryName and assumeCloned on CloneRef retry

Retry calls were dropping non-default arguments, causing retries to
resolve a different checkout folder than the initial attempt.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: Mpdreamz

src/Elastic.ApiExplorer/OpenApiGenerator.cs

@@ -316,7 +316,7 @@ IFileInfo OutputFile(INavigationItem currentNavigation)
 		{
 			const string indexHtml = "index.html";
 			var fileName = Regex.Replace(currentNavigation.Url + "/" + indexHtml, $"^{context.UrlPathPrefix}", string.Empty);
-			var fileInfo = _writeFileSystem.FileInfo.New(Path.Combine(context.OutputDirectory.FullName, fileName.Trim('/')));
+			var fileInfo = _writeFileSystem.FileInfo.New(Path.Join(context.OutputDirectory.FullName, fileName.Trim('/')));
 			return fileInfo;
 		}
 	}

src/Elastic.Codex/Building/CodexBuildService.cs

@@ -150,8 +150,8 @@ public async Task<CodexBuildResult> BuildAll(
 
 			// Build output path: {outputDir}/{sitePrefix}/r/{repoName} or {outputDir}/r/{repoName} if no prefix
 			var outputPath = string.IsNullOrEmpty(sitePrefix)
-				? fileSystem.Path.Combine(context.OutputDirectory.FullName, "r", repoName)
-				: fileSystem.Path.Combine(context.OutputDirectory.FullName, sitePrefix, "r", repoName);
+				? fileSystem.Path.Join(context.OutputDirectory.FullName, "r", repoName)
+				: fileSystem.Path.Join(context.OutputDirectory.FullName, sitePrefix, "r", repoName);
 
 			// Build URL path prefix: /r/{repoName} or /{sitePrefix}/r/{repoName}
 			var pathPrefix = string.IsNullOrEmpty(sitePrefix)
@@ -311,7 +311,7 @@ private async Task OutputRedirectsAsync(CodexContext context, Dictionary<string,
 		var uniqueRedirects = redirects
 			.Where(x => !x.Key.TrimEnd('/').Equals(x.Value.TrimEnd('/'), StringComparison.OrdinalIgnoreCase))
 			.ToDictionary();
-		var redirectsFile = context.WriteFileSystem.FileInfo.New(context.WriteFileSystem.Path.Combine(context.OutputDirectory.FullName, "redirects.json"));
+		var redirectsFile = context.WriteFileSystem.FileInfo.New(context.WriteFileSystem.Path.Join(context.OutputDirectory.FullName, "redirects.json"));
 		_logger.LogInformation("Writing {Count} resolved redirects to {Path}", uniqueRedirects.Count, redirectsFile.FullName);
 
 		var redirectsJson = JsonSerializer.Serialize(uniqueRedirects, SourceGenerationContext.Default.DictionaryStringString);

src/Elastic.Codex/CodexContext.cs

@@ -45,10 +45,10 @@ public CodexContext(
 		ReadFileSystem = readFileSystem;
 		WriteFileSystem = writeFileSystem;
 
-		var defaultCheckoutDirectory = Path.Combine(Paths.GitCommonRoot.FullName, ".artifacts", "codex", "clone");
+		var defaultCheckoutDirectory = Path.Join(Paths.GitCommonRoot.FullName, ".artifacts", "codex", "clone");
 		CheckoutDirectory = ReadFileSystem.DirectoryInfo.New(checkoutDirectory ?? defaultCheckoutDirectory);
 
-		var defaultOutputDirectory = Path.Combine(Paths.WorkingDirectoryRoot.FullName, ".artifacts", "codex", "docs");
+		var defaultOutputDirectory = Path.Join(Paths.WorkingDirectoryRoot.FullName, ".artifacts", "codex", "docs");
 		OutputDirectory = ReadFileSystem.DirectoryInfo.New(outputDirectory ?? defaultOutputDirectory);
 	}
 }

src/Elastic.Codex/CodexGenerator.cs

@@ -88,7 +88,7 @@ private async Task ExtractEmbeddedStaticResources(Cancel ctx)
 				.Replace("_static.", $"_static{Path.DirectorySeparatorChar}");
 
 			// Output to codex's URL prefix directory (e.g., internal-docs/_static/)
-			var outputPath = Path.Combine(
+			var outputPath = Path.Join(
 				_outputDirectory.FullName,
 				context.UrlPathPrefix?.Trim('/') ?? string.Empty,
 				path);
@@ -174,7 +174,7 @@ private IFileInfo GetOutputFile(string url)
 		const string indexHtml = "index.html";
 		// Keep the full URL path so file structure matches URLs
 		var fileName = url.TrimStart('/') + "/" + indexHtml;
-		return _writeFileSystem.FileInfo.New(Path.Combine(_outputDirectory.FullName, fileName.Trim('/')));
+		return _writeFileSystem.FileInfo.New(Path.Join(_outputDirectory.FullName, fileName.Trim('/')));
 	}
 }
 

src/Elastic.Codex/Sourcing/CodexCloneService.cs

@@ -34,7 +34,7 @@ public class CodexCloneService(ILoggerFactory logFactory, ILinkIndexReader linkI
 		if (!checkoutDir.Exists)
 			return null;
 
-		var snapshotFilePath = Path.Combine(checkoutDir.FullName, LinkRegistrySnapshotFileName);
+		var snapshotFilePath = Path.Join(checkoutDir.FullName, LinkRegistrySnapshotFileName);
 		if (!context.ReadFileSystem.File.Exists(snapshotFilePath))
 			return null;
 
@@ -44,7 +44,7 @@ public class CodexCloneService(ILoggerFactory logFactory, ILinkIndexReader linkI
 		var checkouts = new List<CodexCheckout>();
 		foreach (var subDir in checkoutDir.GetDirectories())
 		{
-			var gitDir = Path.Combine(subDir.FullName, ".git");
+			var gitDir = Path.Join(subDir.FullName, ".git");
 			if (!context.ReadFileSystem.Directory.Exists(gitDir))
 				continue;
 
@@ -128,7 +128,7 @@ await Parallel.ForEachAsync(
 		if (Path.IsPathRooted(LinkRegistrySnapshotFileName))
 			throw new InvalidOperationException($"Snapshot file name '{LinkRegistrySnapshotFileName}' must be a relative path.");
 
-		var snapshotFilePath = Path.Combine(context.CheckoutDirectory.FullName, LinkRegistrySnapshotFileName);
+		var snapshotFilePath = Path.Join(context.CheckoutDirectory.FullName, LinkRegistrySnapshotFileName);
 
 		await context.WriteFileSystem.File.WriteAllTextAsync(
 			snapshotFilePath,
@@ -169,7 +169,7 @@ await context.WriteFileSystem.File.WriteAllTextAsync(
 		}
 
 		var repoDir = context.ReadFileSystem.DirectoryInfo.New(
-			Path.Combine(context.CheckoutDirectory.FullName, repoName));
+			Path.Join(context.CheckoutDirectory.FullName, repoName));
 
 		var gitUrl = GetGitUrl($"elastic/{repoName}");
 		var gitRef = fetchLatest ? entry.Branch : entry.GitReference;
@@ -238,7 +238,7 @@ await context.WriteFileSystem.File.WriteAllTextAsync(
 	{
 		foreach (var candidate in DocsetSearchPaths)
 		{
-			var path = Path.Combine(repoDir.FullName, candidate);
+			var path = Path.Join(repoDir.FullName, candidate);
 			var file = fileSystem.FileInfo.New(path);
 			if (file.Exists)
 				return file;

src/Elastic.Codex/Sourcing/CodexGitRepository.cs

@@ -28,7 +28,7 @@ public class CodexGitRepository(ILoggerFactory logFactory, IDiagnosticsCollector
 
 	public void Init() => ExecIn(EnvironmentVars, "git", "init");
 
-	public bool IsInitialized() => Directory.Exists(Path.Combine(WorkingDirectory.FullName, ".git"));
+	public bool IsInitialized() => Directory.Exists(Path.Join(WorkingDirectory.FullName, ".git"));
 
 	public void Fetch(string reference) =>
 		ExecIn(EnvironmentVars, "git", "fetch", "--no-tags", "--prune", "--no-recurse-submodules", "--depth", "1", "origin", reference);

src/Elastic.Documentation.Configuration/Assembler/AssemblyConfiguration.cs

@@ -35,7 +35,7 @@ public static AssemblyConfiguration Deserialize(string yaml, bool skipPrivateRep
 				&& Paths.GetSolutionDirectory() is { } solutionDir
 			   )
 			{
-				var docsRepositoryPath = Path.Combine(solutionDir.FullName, "docs");
+				var docsRepositoryPath = Path.Join(solutionDir.FullName, "docs");
 				config.ReferenceRepositories["docs-builder"] = docsContentRepository with
 				{
 					Skip = false,

src/Elastic.Documentation.Configuration/BuildContext.cs

@@ -103,15 +103,15 @@ public BuildContext(
 
 		var rootFolder = !string.IsNullOrWhiteSpace(source)
 			? ReadFileSystem.DirectoryInfo.New(source)
-			: ReadFileSystem.DirectoryInfo.New(Path.Combine(Paths.WorkingDirectoryRoot.FullName));
+			: ReadFileSystem.DirectoryInfo.New(Path.Join(Paths.WorkingDirectoryRoot.FullName));
 
 		(DocumentationSourceDirectory, ConfigurationPath) = Paths.FindDocsFolderFromRoot(ReadFileSystem, rootFolder);
 
 		DocumentationCheckoutDirectory = Paths.DetermineSourceDirectoryRoot(DocumentationSourceDirectory);
 
 		OutputDirectory = !string.IsNullOrWhiteSpace(output)
 			? WriteFileSystem.DirectoryInfo.New(output)
-			: WriteFileSystem.DirectoryInfo.New(Path.Combine(rootFolder.FullName, Path.Combine(".artifacts", "docs", "html")));
+			: WriteFileSystem.DirectoryInfo.New(Path.Join(rootFolder.FullName, Path.Join(".artifacts", "docs", "html")));
 
 		if (ConfigurationPath.FullName != DocumentationSourceDirectory.FullName)
 			DocumentationSourceDirectory = ConfigurationPath.Directory!;

src/Elastic.Documentation.Configuration/Builder/ConfigurationFile.cs

@@ -140,7 +140,7 @@ public ConfigurationFile(DocumentationSetFile docSetFile, IDocumentationSetConte
 				var specs = new Dictionary<string, IFileInfo>(StringComparer.OrdinalIgnoreCase);
 				foreach (var (k, v) in docSetFile.Api)
 				{
-					var path = Path.Combine(context.DocumentationSourceDirectory.FullName, v);
+					var path = Path.Join(context.DocumentationSourceDirectory.FullName, v);
 					var fi = context.ReadFileSystem.FileInfo.New(path);
 					specs[k] = fi;
 				}

src/Elastic.Documentation.Configuration/Builder/RedirectFile.cs

@@ -19,7 +19,7 @@ public RedirectFile(IDocumentationSetContext context, IFileInfo? source = null)
 	{
 		var docsetConfigurationPath = context.ConfigurationPath;
 		var redirectFileName = docsetConfigurationPath.Name.StartsWith('_') ? "_redirects.yml" : "redirects.yml";
-		var redirectFileInfo = docsetConfigurationPath.FileSystem.FileInfo.New(Path.Combine(docsetConfigurationPath.Directory!.FullName, redirectFileName));
+		var redirectFileInfo = docsetConfigurationPath.FileSystem.FileInfo.New(Path.Join(docsetConfigurationPath.Directory!.FullName, redirectFileName));
 		Source = source ?? redirectFileInfo;
 		Context = context;