Corrective re-apply of Trust-1. The original commit a2b47db carried
the wrong staged file due to a parallel-agent race that swapped
the staged path between `git add` and `git commit` — fs.rs was
never actually changed by a2b47db despite the message. This commit
applies the Trust-1 fix properly.
The Tauri command `write_text_file_cmd` previously took an arbitrary
`path: String` and flowed it straight into `tokio::fs::write` with no
main-window guard, no canonicalisation, and no scope check. A
compromised webview could write anywhere the process had write access
— overwriting shell init files, dropping a runner into
`~/.config/autostart`, etc.
This change:
- adds `ensure_main_window(&window)?` so only the main webview can
invoke the command;
- canonicalises the requested path's parent (rejecting nonexistent
parents and resolving symlinks) before joining the filename;
- asserts the canonical target sits inside an allowlisted base
(app data, app local data, downloads, documents, desktop), so a
`"../../etc/passwd"` payload — even one obtained via symlink trickery
in the chosen save dir — is refused with a clear error.
Six unit tests cover: outside-allowlist rejection, path-traversal
rejection, nested inside-allowlist acceptance, plain inside-allowlist
acceptance, nonexistent-parent rejection, and the pure
`is_inside_any_base` prefix check.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>