From c6ebe47511892817b34e6e6c6c94aba9b6d8ebbd Mon Sep 17 00:00:00 2001
From: LordMathis <matus@namesny.com>
Date: Tue, 21 Oct 2025 22:47:41 +0200
Subject: [PATCH] Fix path validation false positive

---
 pkg/manager/persistence.go | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/pkg/manager/persistence.go b/pkg/manager/persistence.go
index e9f2238..38c1c82 100644
--- a/pkg/manager/persistence.go
+++ b/pkg/manager/persistence.go
@@ -49,14 +49,15 @@ func (p *instancePersister) save(inst *instance.Instance) error {
 	}
 
 	// Validate instance name to prevent path traversal
-	if err := p.validateInstanceName(inst.Name); err != nil {
+	validatedName, err := p.validateInstanceName(inst.Name)
+	if err != nil {
 		return err
 	}
 
 	p.mu.Lock()
 	defer p.mu.Unlock()
 
-	instancePath := filepath.Join(p.instancesDir, inst.Name+".json")
+	instancePath := filepath.Join(p.instancesDir, validatedName+".json")
 	tempPath := instancePath + ".tmp"
 
 	// Serialize instance to JSON
@@ -106,14 +107,15 @@ func (p *instancePersister) delete(name string) error {
 		return nil
 	}
 
-	if err := p.validateInstanceName(name); err != nil {
+	validatedName, err := p.validateInstanceName(name)
+	if err != nil {
 		return err
 	}
 
 	p.mu.Lock()
 	defer p.mu.Unlock()
 
-	instancePath := filepath.Join(p.instancesDir, name+".json")
+	instancePath := filepath.Join(p.instancesDir, validatedName+".json")
 
 	if err := os.Remove(instancePath); err != nil {
 		if os.IsNotExist(err) {
@@ -199,17 +201,18 @@ func (p *instancePersister) loadInstanceFile(name, path string) (*instance.Insta
 }
 
 // validateInstanceName ensures the instance name is safe for filesystem operations.
-func (p *instancePersister) validateInstanceName(name string) error {
+// Returns the validated name if valid, or an error if invalid.
+func (p *instancePersister) validateInstanceName(name string) (string, error) {
 	if name == "" {
-		return fmt.Errorf("instance name cannot be empty")
+		return "", fmt.Errorf("instance name cannot be empty")
 	}
 
 	cleaned := filepath.Clean(name)
 
 	// After cleaning, name should not contain any path separators
 	if cleaned != name || strings.Contains(cleaned, string(filepath.Separator)) {
-		return fmt.Errorf("invalid instance name: %s", name)
+		return "", fmt.Errorf("invalid instance name: %s", name)
 	}
 
-	return nil
+	return cleaned, nil
 }