Security: Add path canonicalization to prevent directory traversal in scan()

## Vulnerability
The `scan()` function in tokmd-scan/src/lib.rs accepts user-provided paths without canonicalization, allowing potential directory traversal attacks.

## Current Code
```rust
pub fn scan(paths: &[PathBuf], opts: &ScanOptions) -> Result<Languages> {
    // No canonicalization before walking
    // User could pass "../../../etc" as path
}
```

## Fix Required
1. Canonicalize all input paths before walking
2. Validate that walked paths remain within intended boundaries
3. Add test cases for traversal attempts

## References
- Rust std::fs::canonicalize()
- OWASP Path Traversal guidelines

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security: Add path canonicalization to prevent directory traversal in scan() #774

Vulnerability

Current Code

Fix Required

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Security: Add path canonicalization to prevent directory traversal in scan() #774

Description

Vulnerability

Current Code

Fix Required

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions