From a0389fb98fd86295cbfeb7c64b8effc53f3beb64 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Manuel=20Barroso=20Galindo?=
Date: Wed, 12 Apr 2023 01:10:15 +0200
Subject: [PATCH] Improving is_valid_path
---
 .github/db_operator.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/.github/db_operator.py b/.github/db_operator.py
index e880c3826..1e7ede991 100755
--- a/.github/db_operator.py
+++ b/.github/db_operator.py
@@ -201,7 +201,15 @@ def is_valid_url(url: str) -> bool:
 def is_valid_path(path: str) -> bool:
 try:
- return Path(path).is_relative() and len(path) >= 3
+ p = Path(path)
+ if not p.is_relative() or len(path) < 3:
+ return False
+
+ for part in p.parts:
+ if part in ['..', '.']:
+ return False
+
+ return True
 except Exception:
 return False
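Review bot: The new guard `if not p.is_relative() or len(path) < 3:` calls a method that `pathlib.Path` does not provide (it offers `is_absolute()` and `is_relative_to(other)`). The import is outside this hunk, but if `Path` is pathlib's, the call raises AttributeError, the surrounding `except Exception` swallows it, and is_valid_path returns False for every input, so the new `..` check is never reached. I would write the guard as `if p.is_absolute() or len(path) < 3:` and narrow the handler to the exceptions path parsing can actually raise (for example `except (TypeError, ValueError):`), so a mistake like this surfaces instead of silently rejecting everything. Also, pathlib drops `.` components while parsing, so the `'.'` entry in `['..', '.']` likely never matches; the `'..'` test is what blocks traversal and deserves a short comment saying so.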