From 0d9b5c2a0087a66de99e38f382f067192c3f38ba Mon Sep 17 00:00:00 2001
From: Leo Zlotnikov <zlotnleo@gmail.com>
Date: Sat, 8 Apr 2023 17:24:41 +0100
Subject: [PATCH] [Fix] fix directory traversal when workdir path is not
 readable

---
 nvm.sh                                    | 4 ++--
 test/fast/Unit tests/nvm_find_project_dir | 3 +++
 test/fast/Unit tests/nvm_find_up          | 1 +
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/nvm.sh b/nvm.sh
index 8b5119b..c4a948f 100644
--- a/nvm.sh
+++ b/nvm.sh
@@ -418,7 +418,7 @@ nvm_tree_contains_path() {
 nvm_find_project_dir() {
   local path_
   path_="${PWD}"
-  while [ "${path_}" != "" ] && [ ! -f "${path_}/package.json" ] && [ ! -d "${path_}/node_modules" ]; do
+  while [ "${path_}" != "" ] && [ "${path_}" != '.' ] && [ ! -f "${path_}/package.json" ] && [ ! -d "${path_}/node_modules" ]; do
     path_=${path_%/*}
   done
   nvm_echo "${path_}"
@@ -428,7 +428,7 @@ nvm_find_project_dir() {
 nvm_find_up() {
   local path_
   path_="${PWD}"
-  while [ "${path_}" != "" ] && [ ! -f "${path_}/${1-}" ]; do
+  while [ "${path_}" != "" ] && [ "${path_}" != '.' ] && [ ! -f "${path_}/${1-}" ]; do
     path_=${path_%/*}
   done
   nvm_echo "${path_}"
diff --git a/test/fast/Unit tests/nvm_find_project_dir b/test/fast/Unit tests/nvm_find_project_dir
index 7dc46df..1bfcf16 100755
--- a/test/fast/Unit tests/nvm_find_project_dir	
+++ b/test/fast/Unit tests/nvm_find_project_dir	
@@ -31,3 +31,6 @@ ACTUAL="$(PWD=$TEST_DIR/no-nesting-n_m nvm_find_project_dir)"
 
 ACTUAL="$(PWD=$TEST_DIR/no-nesting-pkg nvm_find_project_dir)"
 [ "${ACTUAL}" = "$TEST_DIR/no-nesting-pkg" ] || die "no-nesting-pkg: got ${ACTUAL}"
+
+ACTUAL="$(PWD="." nvm_find_project_dir)"
+[ "${ACTUAL}" = "." ] || die "insufficient permissions for pwd: got ${ACTUAL}"
diff --git a/test/fast/Unit tests/nvm_find_up b/test/fast/Unit tests/nvm_find_up
index 29c4e42..73f7d21 100755
--- a/test/fast/Unit tests/nvm_find_up	
+++ b/test/fast/Unit tests/nvm_find_up	
@@ -21,5 +21,6 @@ TEST_DIR="$PWD"
 [ "~$(PWD=$TEST_DIR/tmp_nvm_find_up/a/b nvm_find_up 'test')" = "~$TEST_DIR/tmp_nvm_find_up" ] || die "failed to find 2 dirs up"
 [ "~$(PWD=$TEST_DIR/tmp_nvm_find_up/a/b/c nvm_find_up 'test')" = "~$TEST_DIR/tmp_nvm_find_up/a/b/c" ] || die "failed to find in current dir"
 [ "~$(PWD=$TEST_DIR/tmp_nvm_find_up/a/b/c/d nvm_find_up 'test')" = "~$TEST_DIR/tmp_nvm_find_up/a/b/c" ] || die "failed to find 1 level up from current dir"
+[ "~$(PWD="." nvm_find_up 'test')" = "~." ] || die "failed to handle '.' output from pwd"
 
 cleanup