fix: reject path traversal in SSH URL parsing (#458)

* fix: reject path traversal in SSH URL parsing

SSH URLs (git@host:owner/repo) bypassed the path validation that
HTTPS URLs already apply. Paths like git@host:owner/../etc would
parse without error.

Apply the same traversal check to _parse_ssh_url: reject '.' and
'..' segments, and reject empty segments from double slashes.

Fixes #455

* fix: address copilot review — update error message and add edge case tests

Update the SSH traversal error message to mention empty segments,
and add tests for double-slash and trailing-slash cases in SSH URLs.

---------

Co-authored-by: Daniel Meppiel <51440732+danielmeppiel@users.noreply.github.com>

Author: thakoreh

src/apm_cli/models/dependency/reference.py

@@ -655,6 +655,15 @@ def _parse_ssh_url(dependency_str: str):
             repo_part = repo_part[:-4]
 
         repo_url = repo_part.strip()
+
+        # Reject path traversal sequences in SSH URLs
+        for segment in repo_url.split('/'):
+            if not segment or segment in ('.', '..'):
+                raise PathTraversalError(
+                    f"Invalid SSH repository path '{repo_url}': "
+                    f"path segments must not be empty or be '.' or '..'"
+                )
+
         return host, repo_url, reference, alias
 
     @classmethod

tests/unit/test_path_security.py

@@ -177,6 +177,47 @@ def test_parse_accepts_normal_virtual_package(self):
         dep = DependencyReference.parse("owner/repo/prompts/my-file.prompt.md")
         assert dep.is_virtual is True
 
+    # --- SSH URL traversal rejection ---
+
+    def test_ssh_parse_rejects_dotdot_in_repo(self):
+        """SSH URLs with '..' traversal in the repo path must be rejected."""
+        with pytest.raises(PathTraversalError):
+            DependencyReference.parse("git@github.com:owner/../evil")
+
+    def test_ssh_parse_rejects_nested_dotdot(self):
+        with pytest.raises(PathTraversalError):
+            DependencyReference.parse("git@github.com:org/../../etc/passwd")
+
+    def test_ssh_parse_rejects_single_dot(self):
+        with pytest.raises(PathTraversalError):
+            DependencyReference.parse("git@github.com:owner/./repo")
+
+    def test_ssh_parse_accepts_normal_url(self):
+        dep = DependencyReference.parse("git@github.com:owner/repo#main")
+        assert dep.repo_url == "owner/repo"
+        assert dep.reference == "main"
+
+    def test_ssh_parse_accepts_url_with_git_suffix(self):
+        dep = DependencyReference.parse("git@gitlab.com:team/project.git#v1.0")
+        assert dep.repo_url == "team/project"
+        assert dep.reference == "v1.0"
+
+    def test_ssh_parse_rejects_dotdot_with_alias(self):
+        with pytest.raises(PathTraversalError):
+            DependencyReference.parse("git@github.com:owner/../evil@my-alias")
+
+    def test_ssh_parse_rejects_dotdot_with_reference(self):
+        with pytest.raises(PathTraversalError):
+            DependencyReference.parse("git@github.com:owner/../../etc#main")
+
+    def test_ssh_parse_rejects_double_slash(self):
+        with pytest.raises(PathTraversalError):
+            DependencyReference.parse("git@github.com:owner//repo")
+
+    def test_ssh_parse_rejects_trailing_slash(self):
+        with pytest.raises(PathTraversalError):
+            DependencyReference.parse("git@github.com:owner/repo/")
+
 
 # ---------------------------------------------------------------------------
 # DependencyReference.get_install_path containment