From 871965f437a7ad15383c7c1baa0537759f8c5722 Mon Sep 17 00:00:00 2001
From: d3m0k1d
Date: Mon, 12 Jan 2026 15:56:28 +0300
Subject: [PATCH] Update path validator

---
 internal/blocker/validators.go | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/internal/blocker/validators.go b/internal/blocker/validators.go
index 5e515fd..1c6a8e7 100644
--- a/internal/blocker/validators.go
+++ b/internal/blocker/validators.go
@@ -1,8 +1,11 @@
 package blocker
 
 import (
+ "errors"
  "fmt"
  "net"
+ "path/filepath"
+ "strings"
 )
 
 func validateIP(ip string) error {
@@ -17,10 +20,20 @@ func validateIP(ip string) error {
  return nil
 }
 
-func validateConfigPath(path string) error {
- if path == "" {
- return fmt.Errorf("empty path")
+func validateConfigPath(pathIn string) error {
+ if pathIn == "" {
+ return errors.New("config path cannot be empty")
  }
+
+ cleanPath := filepath.Clean(pathIn)
+
+ if !filepath.IsAbs(cleanPath) {
+ return fmt.Errorf("config path must be absolute, got: %s", cleanPath)
+ }
+
+ if strings.Contains(cleanPath, "..") {
+ return fmt.Errorf("config path contains path traversal: %s", cleanPath)
+ }
+
+ return nil
- // TODO: add more valodation
 }
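Review bot: In validateConfigPath the `strings.Contains(cleanPath, "..")` test comes after `filepath.Clean` and the `IsAbs` check, and Clean has already resolved every `..` element of an absolute path, so the branch cannot detect traversal: a constructed input such as `/opt/app/conf/../../other/file` is accepted as `/opt/other/file`. The only inputs it still rejects are legitimate names that contain two dots, for example `/opt/app/conf..bak`. If the intent is to refuse `..` in what the user supplied, test the elements of the raw `pathIn` before cleaning, e.g. `if slices.Contains(strings.Split(filepath.ToSlash(pathIn), "/"), "..") {` (needs the `slices` import); if the intent is confinement, compare the cleaned path with an allowed base directory via `filepath.Rel`, keeping in mind that neither approach resolves symlinks. The function also returns only an error, so callers presumably go on to open the uncleaned `pathIn`; the error messages would be safer with `%q` than `%s`, since the path is caller-supplied.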