Harden custom step loader and step remove against symlinks and OSError

Copilot · web-flow · commit 4ebc3204a39c · 2026-06-04T14:49:38.000Z
diff --git a/src/specify_cli/__init__.py b/src/specify_cli/__init__.py
@@ -6294,7 +6294,13 @@ def workflow_step_remove(
     if dir_exists and not in_registry:
         # No registry write needed; just delete the orphaned directory.
         import shutil
-        shutil.rmtree(step_dir)
+        try:
+            shutil.rmtree(step_dir)
+        except OSError as exc:
+            console.print(
+                f"[red]Error:[/red] Failed to remove step directory {step_dir}: {exc}"
+            )
+            raise typer.Exit(1)
     elif in_registry:
         # Remove the registry entry FIRST so that, if the registry write fails
         # (read-only filesystem, permission denied), the on-disk step directory
@@ -6306,7 +6312,13 @@ def workflow_step_remove(
             raise typer.Exit(1)
         if dir_exists:
             import shutil
-            shutil.rmtree(step_dir)
+            try:
+                shutil.rmtree(step_dir)
+            except OSError as exc:
+                console.print(
+                    f"[red]Error:[/red] Failed to remove step directory {step_dir}: {exc}"
+                )
+                raise typer.Exit(1)
     console.print(f"[green]✓[/green] Step type '{step_id}' uninstalled")
 
 
diff --git a/src/specify_cli/workflows/__init__.py b/src/specify_cli/workflows/__init__.py
@@ -89,10 +89,24 @@ def load_custom_steps(project_root: Path) -> list[str]:
     if not steps_dir.is_dir():
         return []
 
+    # Defense-in-depth: refuse to execute step code from a symlinked
+    # parent directory under .specify/workflows/steps, which could redirect
+    # the import outside the project root and bypass the install-time
+    # symlink guard.
+    _current = Path(project_root)
+    for _part in (".specify", "workflows", "steps"):
+        _current = _current / _part
+        if _current.is_symlink():
+            return []
+
     loaded: list[str] = []
     for step_dir in steps_dir.iterdir():
         if not step_dir.is_dir():
             continue
+        # Skip symlinked step directories so the imported package always
+        # resolves to a real directory inside the project root.
+        if step_dir.is_symlink():
+            continue
         step_yml = step_dir / "step.yml"
         init_py = step_dir / "__init__.py"
         if not step_yml.exists() or not init_py.exists():
diff --git a/src/specify_cli/workflows/catalog.py b/src/specify_cli/workflows/catalog.py
@@ -627,6 +627,10 @@ def _load(self) -> dict[str, Any]:
         # read outside the project root.
         if self._has_symlinked_parent():
             return default_registry
+        # Defense-in-depth: also refuse to read a symlinked registry file,
+        # which could redirect the read outside the project root.
+        if self.registry_path.is_symlink():
+            return default_registry
         if self.registry_path.exists():
             try:
                 with open(self.registry_path, encoding="utf-8") as f:
