image-burner: restrict source path to allowed locations
This CL modifies image-burner to restrict the source path to be within a
few allowed locations from where the image file can be read.
BUG=chromium:702030
TEST=Run unit tests.
TEST=Test burning a recovery image, from the following locations, to a
USB drive on Chromebook via the Chromebook Recovery Utility and
OnHub Recovery Utility app:
- the Download folder
- a Drive folder
- a mounted zip file
- another mounted USB drive
Change-Id: Id84204fc58978b5e924296c3f3bae8858cc32c22
Reviewed-on: https://chromium-review.googlesource.com/457403
Commit-Ready: Ben Chan <benchan@chromium.org>
Tested-by: Ben Chan <benchan@chromium.org>
Reviewed-by: Toni Barzic <tbarzic@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
8 files changed