From e2b69a44a977c69c0660ddfae2ef9bc8413a2c5f Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]"
 <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Fri, 15 May 2026 20:14:50 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=A7=B9=20[code=20health]=20simplify=20dir?=
 =?UTF-8?q?ectory=20traversal=20checks=20in=20renv-cache?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Refactored the `empty_dir` and `rm_dirs` functions in `src/renv-cache/install.sh` to use a simplified, clean bash regular expression `[[ "$dir" =~ (/\.($|/)|/\.\.($|/)) ]]` instead of a long chain of explicit string comparisons. This improves code readability and maintainability while preserving the exact same functionality to block unsafe path traversal segments (`.`, `..`).

Co-authored-by: MiguelRodo <23501332+MiguelRodo@users.noreply.github.com>
---
 src/renv-cache/install.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/renv-cache/install.sh b/src/renv-cache/install.sh
index 38e6ab6..16cc0a2 100755
--- a/src/renv-cache/install.sh
+++ b/src/renv-cache/install.sh
@@ -95,7 +95,7 @@ empty_dir() {
     fi
 
     # Block path traversal and root-equivalent segments ( . and .. )
-    if [[ "$directory" == *"/./"* || "$directory" == *"/../"* || "$directory" == "/." || "$directory" == "/.." || "$directory" == */. || "$directory" == */.. ]]; then
+    if [[ "$directory" =~ (/\.($|/)|/\.\.($|/)) ]]; then
         echo "[ERROR] Refusing to empty directory: '$directory' (unsafe segment: . or ..)"
         return 1
     fi
@@ -132,7 +132,7 @@ rm_dirs() {
         fi
 
         # Block path traversal and root-equivalent segments ( . and .. )
-        if [[ "$dir" == *"/./"* || "$dir" == *"/../"* || "$dir" == "/." || "$dir" == "/.." || "$dir" == */. || "$dir" == */.. ]]; then
+        if [[ "$dir" =~ (/\.($|/)|/\.\.($|/)) ]]; then
             echo "[ERROR] Refusing to remove directory: '$dir' (unsafe segment: . or ..)"
             continue
         fi