Reject Windows subfolder paths

Amp-Thread-ID: https://ampcode.com/threads/T-019ecf39-2e6f-747d-ae80-addba6b8e4f5
Co-authored-by: Amp <amp@ampcode.com>

app/assets/services/path_utils.py

@@ -1,5 +1,5 @@
 import os
-from pathlib import Path
+from pathlib import Path, PureWindowsPath
 from typing import Literal
 
 import folder_paths
@@ -29,6 +29,12 @@ def _validate_subfolder(subfolder: str | None) -> list[str]:
     if not subfolder:
         return []
 
+    if "\\" in subfolder:
+        raise ValueError("invalid subfolder path")
+    windows_path = PureWindowsPath(subfolder)
+    if windows_path.drive or windows_path.root:
+        raise ValueError("invalid subfolder path")
+
     parts = Path(subfolder).parts
     invalid = {"", ".", ".."}
     if Path(subfolder).is_absolute() or any(part in invalid for part in parts):

tests-unit/assets_test/services/test_path_utils.py

@@ -179,7 +179,10 @@ class TestResolveDestinationFromTags:
         assert base_dir == os.path.abspath(fake_dirs["input"])
         assert subdirs == ["foo", "bar"]
 
-    @pytest.mark.parametrize("subfolder", ["../escape", "foo/../bar", "/abs", "foo\\bar"])
+    @pytest.mark.parametrize(
+        "subfolder",
+        ["../escape", "foo/../bar", "/abs", "foo\\bar", "C:/escape", "C:escape"],
+    )
     def test_explicit_subfolder_rejects_unsafe_paths(self, fake_dirs, subfolder: str):
         with pytest.raises(ValueError, match="invalid subfolder"):
             resolve_destination_from_tags(["input", "unit-tests"], subfolder=subfolder)