From cecd633ca77d38d9a9ceb278b973be1d76ab134d Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 11 May 2026 07:01:11 +0000
Subject: [PATCH] Validate tptp test filenames against empty and traversal
 patterns

Agent-Logs-Url: https://github.com/Z3Prover/z3/sessions/dc1d46fc-4b6c-4f64-91a0-9fb57c73c166

Co-authored-by: NikolajBjorner <3085284+NikolajBjorner@users.noreply.github.com>
---
 src/test/tptp.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/test/tptp.cpp b/src/test/tptp.cpp
index bb9c6d0a5..06d00c704 100644
--- a/src/test/tptp.cpp
+++ b/src/test/tptp.cpp
@@ -25,6 +25,10 @@ struct tptp_case {
 constexpr unsigned tptp_buffer_size = 4096;
 
 static bool is_safe_file_name(char const* s) {
+    if (!s || !*s)
+        return false;
+    if (std::string(s).find("..") != std::string::npos)
+        return false;
     while (*s) {
         unsigned char c = static_cast<unsigned char>(*s);
         if (!(std::isalnum(c) || c == '.' || c == '-' || c == '_'))