Description
Problem
When pulling files with an absolute path outside of the working directory, users receive the following error message:
$ oras pull localhost:5000/test:v1
⠋ [....................]( 0 B/s) 0.00/0 B 0.00% 376µs
└─
Error: use flag --allow-path-traversal to allow insecurely pulling files outside of working directory: failed to resolve path for writing: path traversal disallowed
This message might lead users to blindly specify the --allow-path-traversal flag to bypass the validation, which is dangerous.
Ideally, artifact producers should not upload files with absolute paths. ORAS currently disallows pushing files with absolute paths by default, with the following error message:
$ oras push localhost:5000/test:v1 "/tmp/foo.txt"
Error: absolute file path detected. If it's intentional, use --disable-path-validation flag to skip this check: /tmp/foo.txt
This error message does not mention that using absolute paths is insecure.
Proposal
We should improve the error messages for both oras pull and oras push to explicitly state that using absolute paths is insecure and not recommended.
We can consider updating the error messages like these:
For oras push files with absolute paths:
Error: absolute file paths are insecure and not recommended. If it's intentional, use --disable-path-validation flag to skip this check: /tmp/foo.txt
For oras pull files outside of working directory:
Error: pulling files outside of working directory is insecure and blocked by default. If you trust the content producer, use --allow-path-traversal to bypass: failed to resolve path for writing: /tmp/foo.txt: path traversal disallowed
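To make concrete what the pull-side check protects against, here is an added example (not ORAS's own code) of a working-directory containment check that returns the proposed pull message. `ResolveWritePath` and `ErrPathTraversal` are hypothetical names, the file names are constructed, and the check is lexical only: it does not resolve symlinks.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrPathTraversal carries the "path traversal disallowed" text quoted in the issue.
var ErrPathTraversal = errors.New("path traversal disallowed")

// ResolveWritePath (hypothetical helper) returns where name would be written
// relative to workDir. Unless allowTraversal is set, any name that resolves
// outside workDir is rejected with the wording proposed in this issue.
func ResolveWritePath(workDir, name string, allowTraversal bool) (string, error) {
	base, err := filepath.Abs(workDir)
	if err != nil {
		return "", err
	}
	target := name
	if !filepath.IsAbs(target) {
		target = filepath.Join(base, target)
	}
	target = filepath.Clean(target) // collapses "a/../b" and trailing separators
	if allowTraversal {
		return target, nil
	}
	// Compare whole path components: "..foo" stays inside, "../foo" does not.
	rel, err := filepath.Rel(base, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("pulling files outside of working directory is insecure and blocked by default. "+
			"If you trust the content producer, use --allow-path-traversal to bypass: "+
			"failed to resolve path for writing: %s: %w", name, ErrPathTraversal)
	}
	return target, nil
}

func main() {
	// Constructed file names, as a producer might have recorded them in an artifact.
	names := []string{"foo.txt", "sub/../bar.txt", "..foo", "../escape.txt", "/tmp/foo.txt"}
	for _, name := range names {
		p, err := ResolveWritePath("/work/dir", name, false)
		fmt.Printf("%-16q -> %q err=%v\n", name, p, err)
	}
}
```

With the flag set, the same `/tmp/foo.txt` name is written wherever the producer chose, which is why the message ties the bypass to trusting the content producer.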