Summary
Several lower-severity VFS and parser issues found during the deep audit:
TM-DOS-046: MountableFs at fs/mountable.rs:348-491 has zero validate_path() calls across all FileSystem trait methods. Path depth/character validation is completely bypassed for mounted filesystems.
TM-DOS-049: collect_dirs_recursive at interpreter/mod.rs:8352 has no explicit depth limit when recursing through VFS directory trees. Mitigated by max_path_depth in FsLimits but no direct protection.
TM-DOS-050: parse_word_string at parser/mod.rs:109 creates a parser with default limits, ignoring caller-configured tighter limits. Parameter expansion in word contexts gets unlimited parser operations.
Impact — LOW to MEDIUM
- TM-DOS-046: Path validation gaps in mounted filesystems
- TM-DOS-049: Theoretical deep recursion DoS (mitigated by existing limits)
- TM-DOS-050: Parser limit bypass in parameter expansion
Recommended fix
- Add
validate_path() to all MountableFs FileSystem methods
- Add explicit depth parameter to
collect_dirs_recursive
- Propagate limits through
parse_word_string
Cross-references
Summary
Several lower-severity VFS and parser issues found during the deep audit:
TM-DOS-046:
MountableFsatfs/mountable.rs:348-491has zerovalidate_path()calls across allFileSystemtrait methods. Path depth/character validation is completely bypassed for mounted filesystems.TM-DOS-049:
collect_dirs_recursiveatinterpreter/mod.rs:8352has no explicit depth limit when recursing through VFS directory trees. Mitigated bymax_path_depthin FsLimits but no direct protection.TM-DOS-050:
parse_word_stringatparser/mod.rs:109creates a parser with default limits, ignoring caller-configured tighter limits. Parameter expansion in word contexts gets unlimited parser operations.Impact — LOW to MEDIUM
Recommended fix
validate_path()to all MountableFs FileSystem methodscollect_dirs_recursiveparse_word_stringCross-references