Sanitize paths

Author: cotti

src/services/Elastic.Changelog/Bundling/ChangelogBundlingService.cs

@@ -375,10 +375,11 @@ public async Task<bool> BundleChangelogs(IDiagnosticsCollector collector, Bundle
 			{
 				// Resolution order: bundle.output_directory → input.OutputDirectory (programmatic override)
 				// → bundle.directory → CWD
-				var outputDir = config.Bundle.OutputDirectory
+				var outputDir = (config.Bundle.OutputDirectory
 					?? input.OutputDirectory
 					?? config.Bundle.Directory
-					?? _fileSystem.Directory.GetCurrentDirectory();
+					?? _fileSystem.Directory.GetCurrentDirectory())
+					.Replace('/', _fileSystem.Path.DirectorySeparatorChar);
 				outputPath = _fileSystem.Path.Join(outputDir, outputPattern);
 			}
 
@@ -418,18 +419,18 @@ public async Task<bool> BundleChangelogs(IDiagnosticsCollector collector, Bundle
 		};
 	}
 
-	private static BundleChangelogsArguments ApplyConfigDefaults(BundleChangelogsArguments input, ChangelogConfiguration? config)
+	private BundleChangelogsArguments ApplyConfigDefaults(BundleChangelogsArguments input, ChangelogConfiguration? config)
 	{
 		// Apply directory: CLI takes precedence. Only use config when --directory not specified.
-		var directory = input.Directory ?? config?.Bundle?.Directory ?? Directory.GetCurrentDirectory();
+		var directory = input.Directory ?? config?.Bundle?.Directory ?? _fileSystem.Directory.GetCurrentDirectory();
 
 		if (config?.Bundle == null)
 			return input with { Directory = directory, LinkAllowRepos = null };
 
 		// Apply output default when --output not specified: use bundle.output_directory if set
 		var output = input.Output;
 		if (string.IsNullOrWhiteSpace(output) && !string.IsNullOrWhiteSpace(config.Bundle.OutputDirectory))
-			output = Path.Join(config.Bundle.OutputDirectory, "changelog-bundle.yaml");
+			output = _fileSystem.Path.Join(config.Bundle.OutputDirectory.Replace('/', _fileSystem.Path.DirectorySeparatorChar), "changelog-bundle.yaml");
 
 		// Apply resolve: CLI takes precedence over config. Only use config when CLI did not specify.
 		var resolve = input.Resolve ?? config.Bundle.Resolve;
@@ -500,13 +501,14 @@ private static BundleChangelogsArguments ApplyConfigDefaults(BundleChangelogsArg
 			var outputPattern = profileDef.Output
 				.Replace("{version}", version)
 				.Replace("{lifecycle}", lifecycle);
-			var outputDir = config?.Bundle?.OutputDirectory
+			var outputDir = (config?.Bundle?.OutputDirectory
 				?? config?.Bundle?.Directory
-				?? _fileSystem.Directory.GetCurrentDirectory();
+				?? _fileSystem.Directory.GetCurrentDirectory())
+				.Replace('/', _fileSystem.Path.DirectorySeparatorChar);
 			outputPath = _fileSystem.Path.Join(outputDir, outputPattern);
 		}
 		else if (string.IsNullOrWhiteSpace(outputPath) && config?.Bundle?.OutputDirectory != null)
-			outputPath = _fileSystem.Path.Join(config.Bundle.OutputDirectory, "changelog-bundle.yaml");
+			outputPath = _fileSystem.Path.Join(config.Bundle.OutputDirectory.Replace('/', _fileSystem.Path.DirectorySeparatorChar), "changelog-bundle.yaml");
 
 		return new BundlePlanResult
 		{

src/services/Elastic.Changelog/Uploading/ChangelogUploadService.cs

@@ -99,6 +99,8 @@ public async Task<bool> Upload(IDiagnosticsCollector collector, ChangelogUploadA
 
 	internal IReadOnlyList<UploadTarget> DiscoverUploadTargets(IDiagnosticsCollector collector, string changelogDir)
 	{
+		var rootDir = _fileSystem.DirectoryInfo.New(changelogDir);
+
 		var yamlFiles = _fileSystem.Directory.GetFiles(changelogDir, "*.yaml", SearchOption.TopDirectoryOnly)
 			.Concat(_fileSystem.Directory.GetFiles(changelogDir, "*.yml", SearchOption.TopDirectoryOnly))
 			.ToList();
@@ -107,6 +109,13 @@ internal IReadOnlyList<UploadTarget> DiscoverUploadTargets(IDiagnosticsCollector
 
 		foreach (var filePath in yamlFiles)
 		{
+			var fileInfo = _fileSystem.FileInfo.New(filePath);
+			if (SymlinkValidator.ValidateFileAccess(fileInfo, rootDir) is { } accessError)
+			{
+				collector.EmitWarning(filePath, $"Skipping: {accessError}");
+				continue;
+			}
+
 			var products = ReadProductsFromFragment(filePath);
 			if (products.Count == 0)
 			{