From d075a67de0b9134b0b08e21c0415f48c7cccd36c Mon Sep 17 00:00:00 2001 From: Andrey Korzh Date: Tue, 22 Jul 2025 23:12:32 +0200 Subject: [PATCH] Fix installation failures on Windows systems with alias usernames --- setup/utils/security.py | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/setup/utils/security.py b/setup/utils/security.py index 113ae28..1a06d42 100644 --- a/setup/utils/security.py +++ b/setup/utils/security.py @@ -427,11 +427,17 @@ class SecurityValidator: errors.append("Installation to junction points or symbolic links is not allowed for security") return False, errors - # Additional validation: verify it's in a user profile directory structure - # Only check if it looks like a Windows path (contains drive letter) + # Additional validation: verify it's in the current user's profile directory + # Use actual home directory comparison instead of username-based path construction if ':' in abs_target_str and '\\users\\' in abs_target_str: - current_user = os.environ.get('USERNAME', '') - if current_user and f'\\users\\{current_user.lower()}\\' not in abs_target_str: + try: + # Check if target is within the user's actual home directory + home_path = Path.home() + abs_target.relative_to(home_path) + # Path is valid - within user's home directory + except ValueError: + # Path is outside user's home directory + current_user = os.environ.get('USERNAME', home_path.name) errors.append(f"Installation must be in current user's directory ({current_user})") return False, errors