Prevent path traversal in Directory.read()

[assinscreedFC]

Summary

Fixes #359 (path traversal / CWE-22).

Directory.read() joined the source directory with a subname taken from EPUB OPF manifest href attributes (attacker-controlled, and URL-decoded via unquote) without any sanitisation:

open(os.path.join(self.directory_path, subname), "rb")

A crafted href such as ../../etc/passwd (or its percent-encoded form %2e%2e%2f...) could escape the intended directory and read arbitrary files from disk.

Fix

Resolve both the base directory and the requested target with os.path.realpath (which also collapses .. and follows symlinks), then reject any target that does not stay within the base directory before opening it.

def read(self, subname):
    directory_path = os.path.realpath(self.directory_path)
    path = os.path.realpath(os.path.join(directory_path, subname))
    if path != directory_path and not path.startswith(directory_path + os.sep):
        raise OSError(...)
    with open(path, "rb") as fp:
        return fp.read()

Legitimate relative hrefs (e.g. Text/chapter1.xhtml) are unaffected.

Tests

Added TestDirectory in tests/test_utils.py:

• test_read_within_directory — a normal in-directory read still works.
• test_read_rejects_path_traversal — a ../../ href raises.

Verification

• pytest tests/test_utils.py — passed; full suite: 26 passed.
• ruff check and ruff format --check — clean.