From 3b9c01ea6c3d3bc49739eee1d1e2502d41d22e63 Mon Sep 17 00:00:00 2001
From: Michael Smith
Date: Wed, 9 Apr 2025 16:07:58 +0000
Subject: [PATCH] fix: ensure relative avatars keep small scope

---
 scripts/validate-contributor-readmes/main.go | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/scripts/validate-contributor-readmes/main.go b/scripts/validate-contributor-readmes/main.go
index 0a00f995..6cc3ed7d 100644
--- a/scripts/validate-contributor-readmes/main.go
+++ b/scripts/validate-contributor-readmes/main.go
@@ -414,7 +414,7 @@ func parseContributorFiles(readmeEntries []readme) (
 			contributorProfileFrontmatter: yml,
 		}
 
-		if prev, conflict := frontmatterByUsername[processed.GithubUsername]; conflict {
+		if prev, isConflict := frontmatterByUsername[processed.GithubUsername]; isConflict {
 			yamlParsingErrors.Errors = append(
 				yamlParsingErrors.Errors,
 				fmt.Errorf(
@@ -534,6 +534,17 @@ func validateRelativeUrls(
 			continue
 		}
 
+		if strings.HasPrefix(*con.AvatarUrl, "..") {
+			problems = append(
+				problems,
+				fmt.Errorf(
+					"%q: relative avatar URLs cannot be placed outside a user's namespaced directory",
+					con.FilePath,
+				),
+			)
+			continue
+		}
+
 		absolutePath := strings.TrimSuffix(con.FilePath, "README.md") + *con.AvatarUrl
 		_, err := os.ReadFile(absolutePath)