fix(rgp): reject traversal components and drop raw-path fallback

[bl4ckr0ss3]

closes #32

what

two changes in src/model.rs:

1. drop the .or_else(|_| load_obj_meshes_from_path(path)) fallback in load_object_source. it retried with the raw, unsanitized attacker path on any error from the sanitized lookup, which defeated object_asset_path for any input the sanitizer rewrote into a non-existent location.
2. reject ParentDir / RootDir / CurDir components in both branches of object_asset_path (the assets-anchor branch and the no-anchor fallback). legitimate inputs are unchanged.

verified

added five unit tests in src/model.rs::tests covering:

• relative ../ traversal -> rejected
• traversal after an assets/ anchor -> rejected
• absolute path -> rejected
• bare filename -> still resolves to objects/<file>
• assets/objects/<file> -> still resolves to objects/<file>

also ran a standalone repro (no bevy/tobj, plain rustc) that mirrors the full load_object_source resolution chain against both attack and legitimate inputs - all attacks now rejected, all legitimate paths unchanged. output:

[ok]   "../../tmp/x.obj" -> rejected (asset path contains traversal components: ../../tmp/x.obj)
[ok]   "../../../../../../../tmp/ratty-victim.obj" -> rejected (...)
[ok]   "assets/../etc/passwd.obj" -> rejected (...)
[ok]   "/etc/passwd.obj" -> rejected (absolute path is outside the asset root)
[ok]   "CairoSpinyMouse.obj" -> "objects/CairoSpinyMouse.obj"
[ok]   "assets/objects/CairoSpinyMouse.obj" -> "objects/CairoSpinyMouse.obj"
[ok]   "assets/foo.obj" -> "foo.obj"
[ok]   "subdir/foo.obj" -> "subdir/foo.obj"

standalone repro source: https://gist.github.com/bl4ckr0ss3/35afe3ed0a29a42345f1e8f2a67be371 (i'll push the fixed version there too if useful).

not in this PR

there are a few smaller adjacent things i noticed while auditing (APC parser memory DoS via incomplete sequences in inline.rs, kitty PNG decode without size limits in kitty.rs::finalize, kitty multipart byte buffer unbounded growth). i'll open separate issues for those, keeping this PR focused on the traversal fix.

[orhun]

Thanks for the detailed issue and the PR!

This looks good mostly, but I wasn't able to run the widget examples. Especially document and draw:

2026-05-12T15:56:28.693336Z  WARN ratty::inline: failed to load RGP object 100: failed to read assets/sprite_12_offset_32218.obj: open file failed
2026-05-12T15:56:28.693658Z  WARN ratty::inline: failed to load RGP object 101: failed to read assets/black.obj: open file failed
2026-05-12T15:56:30.151345Z  WARN ratty::inline: failed to load RGP object 102: failed to read assets/bomber.obj: open file failed
2026-05-12T15:56:30.151383Z  WARN ratty::inline: failed to load RGP object 103: failed to read assets/battle.obj: open file failed
2026-05-12T15:56:30.334139Z  WARN ratty::inline: failed to load RGP object 104: failed to read assets/sprite_18_offset_48048.obj: open file failed
2026-05-12T15:56:31.465527Z  WARN ratty::inline: failed to load RGP object 102: failed to read assets/bomber.obj: open file failed
2026-05-12T15:56:31.465582Z  WARN ratty::inline: failed to load RGP object 103: failed to read assets/battle.obj: open file failed
2026-05-12T15:56:31.648197Z  WARN ratty::inline: failed to load RGP object 101: failed to read assets/black.obj: open file failed
2026-05-12T15:56:31.782133Z  WARN ratty::inline: failed to load RGP object 100: failed to read assets/sprite_12_offset_32218.obj:

Can you adjust the widget examples based on the new asset loading changes as well?

[bl4ckr0ss3]

thanks for testing! pushed a follow-up commit that updates the widget examples to work with the new restricted loader.

changes:

• moved widget/assets/*.obj -> assets/widget/*.obj so they live under the project asset root
• document example sends widget/<name> (relative, sanitizer-friendly) instead of the previous absolute workspace path. ratty resolves that to assets/widget/<name> via the same logic that handles bare filenames.
• draw writes its live preview to assets/widget/.live_draw.obj (gitignored) and sends widget/.live_draw.obj
• TempleOS.jpg stays at widget/assets/TempleOS.jpg since the widget reads it directly via image::ImageReader::open (ratty doesn't see it)

verified cargo build --examples in widget/ is clean. the unit tests in model.rs::tests still pass against the original sanitizer changes.

lmk if you want big_rat updated too for consistency (it sends an absolute path to assets/objects/SpinyMouse.glb which currently works because the sanitizer strips up to the assets component and that file already lives at assets/objects/), or if it's fine as-is.

[orhun]

Moving widget assets to the root assets folder is not a good solution. It means that we will start embedding those assets into the Ratty binary which is unnecessary.

[bl4ckr0ss3]

rust_embed only globs assets/objects/ (verified in src/model.rs:15-17), so I don't think assets/widget/ would end up at blob, but I understand the concern so I'll look into the other way but first I need to cook food for the dinner >..<

[orhun]

oh got it, you're right!

[orhun]

but then those assets won't be a part of the widget's crates.io release (which only includes the widget directory) which is still problematic :/

I think we should have those widgets assets in the widget folder respectively