Prohibit config section names with relative paths (#2193)

CHANGELOG.rst

@@ -27,6 +27,12 @@ Added
 
 - ``rebalancer_enabled`` field to boxinfo GraphQL API.
 
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Changed
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Config section names with relative paths are prohibited.
+
 -------------------------------------------------------------------------------
 [2.8.6] - 2024-02-01
 -------------------------------------------------------------------------------

cartridge/clusterwide-config.lua

@@ -492,6 +492,13 @@ local function save(clusterwide_config, path)
     end
 
     for section, content in pairs(clusterwide_config._plaintext) do
+        if section:find("%.%.") then -- filename contains '..'
+            err = SaveConfigError:new(
+                'Relative paths in config is prohibited: %q',
+                section
+            )
+            goto rollback
+        end
         local abspath = fio.pathjoin(random_path, section)
         local dirname = fio.dirname(abspath)
 

test/unit/clusterwide_config_test.lua

@@ -361,6 +361,22 @@ function g.test_save_err()
     t.assert_equals(utils.file_read(g.tempdir .. '/config'), '---\n...')
 end
 
+function g.test_relative_path_err()
+    write_tree({['config'] = '---\n...'})
+    local relative_path = '../../file'
+    local cfg = ClusterwideConfig.new({[relative_path] = 'content'})
+    local ok, err = ClusterwideConfig.save(cfg, g.tempdir .. '/config')
+    t.assert_equals(ok, nil)
+    t.assert_covers(err, {
+        class_name = 'SaveConfigError',
+        err = string.format(
+            "Relative paths in config is prohibited: %q",
+            relative_path
+        )
+    })
+    t.assert_equals(utils.file_read(g.tempdir .. '/config'), '---\n...')
+end
+
 function g.test_save_ok()
     local cfg = ClusterwideConfig.new()
     local ok, err = ClusterwideConfig.save(cfg, g.tempdir .. '/cfg1')