[PPSC-602] CWE-367: TOCTOU race in SafeJoinPath#128

Open
shb7628 wants to merge 1 commit intomainfrom
fix/PPSC-602-cwe367-toctou-race
Conversation

@shb7628
Collaborator

@shb7628 shb7628 commented Mar 23, 2026

Summary

  • Addresses GitHub security alert #587
  • Resolve symlinks with EvalSymlinks before validation to mitigate race

Test plan

  • Code compiles successfully (go build ./...)
  • Existing tests pass
  • Change is minimal and focused on the security finding

Generated with Claude Code

…CWE-367)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@github-actions

Armis AppSec Security Scan Results

🟠 HIGH issues found

Severity Count
🟠 HIGH 1

Total: 1

View all 1 findings

🟠 HIGH (1)

CWE-22_armis-cli_38295677_internal/util/path.go_30_2_30_29 - Broken Access Control (CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

Location: internal/util/path.go:30

The SanitizePath function receives a path string p, checks only for literal ".." segments, and then returns filepath.Clean(p) without verifying whether the cleaned result is an absolute path. Because there is no absolute-path rejection, an attacker who can control p can supply a value such as "/etc/passwd". The cleaned absolute path is returned to the caller, allowing the caller to access files outside any intended base directory. This matches CWE-22 (Improper Limitation of a Pathname to a Restricted Directory). The function is part of a CLI utility, which can be invoked directly by users, giving the vulnerability immediate external exposure. Consequently, the flaw is exploitable and classified as a true positive.

CWEs: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
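The two findings on this page (the EvalSymlinks-before-validation change in the PR description and the scanner's complaint that a lexical-only check lets absolute paths through) are illustrated below in one self-contained Go example. This is added here as an illustration and is not the project's own code: `SafeJoinPath(base, p)`, `NaiveSanitize`, `SetupFixture` and the fixture layout (`base/ok.txt`, `outside/secret.txt`, `base/link -> ../outside`) are all constructed for the demo, and the real `SafeJoinPath`/`SanitizePath` signatures in `internal/util/path.go` are not shown on this page. The hardened version rejects absolute input, checks the joined path lexically, then resolves symlinks in both the base and the candidate (including the deepest existing prefix of a not-yet-created file) and checks again. Note the caveat in the comment: resolving before the check shrinks the TOCTOU window but does not close it, because the link can still be swapped between the check and the caller's open; closing it requires opening relative to a directory handle that refuses to leave the base, which is what Go 1.24's `os.OpenRoot` provides.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned for any path that would land outside base.
var ErrOutsideBase = errors.New("path escapes base directory")

// NaiveSanitize is a constructed stand-in for the weak pattern the scanner
// describes (not the project's SanitizePath): it rejects literal ".." segments
// and returns filepath.Clean(p), so "/etc/passwd" and a symlinked
// "link/secret.txt" both pass.
func NaiveSanitize(p string) (string, error) {
	for _, seg := range strings.Split(filepath.ToSlash(p), "/") {
		if seg == ".." {
			return "", ErrOutsideBase
		}
	}
	return filepath.Clean(p), nil
}

// SafeJoinPath (hypothetical signature) joins untrusted p under base and
// returns an absolute path that was inside base at check time: reject absolute
// input, join and check lexically, then resolve symlinks in base and candidate
// and check again. Resolving first shrinks the TOCTOU window but does not close
// it; a link can still be swapped between this check and the caller's open.
func SafeJoinPath(base, p string) (string, error) {
	if p == "" || filepath.IsAbs(p) {
		return "", ErrOutsideBase
	}
	absBase, err := filepath.Abs(base)
	if err != nil {
		return "", err
	}
	realBase, err := filepath.EvalSymlinks(absBase)
	if err != nil {
		return "", err
	}
	candidate := filepath.Join(realBase, p) // Join cleans, collapsing ".."
	if !withinBase(realBase, candidate) {
		return "", ErrOutsideBase
	}
	resolved, err := evalExisting(candidate)
	if err != nil {
		return "", err
	}
	if !withinBase(realBase, resolved) {
		return "", ErrOutsideBase
	}
	return resolved, nil
}

// withinBase reports whether target (clean, absolute) is base or below it.
func withinBase(base, target string) bool {
	rel, err := filepath.Rel(base, target)
	if err != nil {
		return false
	}
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// evalExisting resolves symlinks in the deepest existing prefix of p and
// re-appends the missing tail, so a path for a not-yet-created file works too.
func evalExisting(p string) (string, error) {
	var tail []string
	for {
		resolved, err := filepath.EvalSymlinks(p)
		if err == nil {
			return filepath.Join(append([]string{resolved}, tail...)...), nil
		}
		if !errors.Is(err, os.ErrNotExist) {
			return "", err
		}
		parent := filepath.Dir(p)
		if parent == p {
			return "", err
		}
		tail = append([]string{filepath.Base(p)}, tail...)
		p = parent
	}
}

// SetupFixture builds a constructed layout in a fresh temp dir:
// base/ok.txt, outside/secret.txt and base/link -> ../outside.
func SetupFixture() (base string, cleanup func(), err error) {
	tmp, err := os.MkdirTemp("", "safejoin-demo-")
	if err != nil {
		return "", func() {}, err
	}
	cleanup = func() { os.RemoveAll(tmp) }
	base = filepath.Join(tmp, "base")
	outside := filepath.Join(tmp, "outside")
	err = errors.Join( // arguments run left to right, so dirs exist first
		os.MkdirAll(outside, 0o755),
		os.MkdirAll(base, 0o755),
		os.WriteFile(filepath.Join(outside, "secret.txt"), []byte("secret"), 0o644),
		os.WriteFile(filepath.Join(base, "ok.txt"), []byte("ok"), 0o644),
		os.Symlink("../outside", filepath.Join(base, "link")),
	)
	return base, cleanup, err
}

// NaiveRead shows the leak: the naive check passes "link/secret.txt" and the
// caller's open follows the symlink out of base.
func NaiveRead(base, p string) ([]byte, error) {
	clean, err := NaiveSanitize(p)
	if err != nil {
		return nil, err
	}
	return os.ReadFile(filepath.Join(base, clean))
}

func main() {
	base, cleanup, err := SetupFixture()
	if err != nil {
		panic(err)
	}
	defer cleanup()
	leaked, _ := NaiveRead(base, "link/secret.txt")
	fmt.Printf("naive: link/secret.txt -> %q\n", leaked)
	for _, p := range []string{"ok.txt", "new/file.txt", "link/secret.txt", "../outside/secret.txt", "/etc/passwd"} {
		got, err := SafeJoinPath(base, p)
		fmt.Printf("safe:  %-22s -> err=%v path=%s\n", p, err, got)
	}
}
```

Running it shows the naive path returning the contents of `outside/secret.txt`, while `SafeJoinPath` accepts `ok.txt` and the not-yet-existing `new/file.txt` and rejects the symlink escape, the `..` escape and the absolute path. The lexical check before `EvalSymlinks` matters: it keeps `..` from ever reaching the filesystem, so an attacker cannot use a `..` component to probe for directories outside the base during resolution.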
