From 82620db8cfc41f80b4f0dde7d9eee92e6eb7aa0d Mon Sep 17 00:00:00 2001
From: Stefan Boberg
Date: Fri, 20 Mar 2026 19:58:36 +0100
Subject: Reject local file references in package parsing by default

- Add ParseFlags enum with kAllowLocalReferences opt-in flag
- Default to rejecting local refs in ParsePackageMessage and CbPackageReader, protecting against path traversal from untrusted remote clients
- Add HttpService::AcceptsLocalFileReferences() virtual (default false)
- Override to true in HttpStructuredCacheService and HttpProjectService, which need local refs for the local UE cooker optimization
- Both server ingest paths now require IsLocalMachineRequest() AND AcceptsLocalFileReferences() before allowing local refs
---
 src/zenserver/storage/cache/httpstructuredcache.cpp | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'src/zenserver/storage/cache/httpstructuredcache.cpp')
diff --git a/src/zenserver/storage/cache/httpstructuredcache.cpp b/src/zenserver/storage/cache/httpstructuredcache.cpp
index bbdb03ba4..e678033b5 100644
--- a/src/zenserver/storage/cache/httpstructuredcache.cpp
+++ b/src/zenserver/storage/cache/httpstructuredcache.cpp
@@ -114,6 +114,12 @@ HttpStructuredCacheService::BaseUri() const
 return "/z$/";
 }
 
+bool
+HttpStructuredCacheService::AcceptsLocalFileReferences() const
+{
+ return true;
+}
+
 void
 HttpStructuredCacheService::Flush()
 {
-- 
cgit v1.2.3
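Review bot: The added `AcceptsLocalFileReferences()` override returns `true` unconditionally and carries no comment, so a reader of this file cannot tell that the opt-in is only meant to take effect together with the `IsLocalMachineRequest()` check that the commit message describes. I would add a comment above the definition, for example `// Opts in to local file references for the local UE cooker path; ingest must still require IsLocalMachineRequest() before honouring them.` With this override in place, the locality check becomes the only remaining barrier against path traversal for this service. That check is not visible in this hunk, so it is worth confirming that it is derived from the connection's peer address rather than from anything the client supplies. The header declaration is also outside this diff; presumably it is marked `override`, which would catch any signature drift against `HttpService`.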