security: remove redundant log directory check, use case for path validation

Copilot · PDowney · web-flow · commit f8fff2101672 · 2026-04-10T20:05:25.000Z
Agent-Logs-Url: https://github.com/EngineScript/EngineScript/sessions/b7a76c75-34d2-4d2c-b506-bda5f1f115b4 Co-authored-by: PDowney <11467177+PDowney@users.noreply.github.com>
diff --git a/scripts/ci/run-install-step.sh b/scripts/ci/run-install-step.sh
@@ -50,10 +50,14 @@ if [ -z "${RESOLVED_LOG_PARENT:-}" ]; then
   exit 1
 fi
 
-if [ "$RESOLVED_LOG_PARENT" != "$ALLOWED_LOG_BASE_DIR" ] && [[ "$RESOLVED_LOG_PARENT"/ != "$ALLOWED_LOG_BASE_DIR"/* ]]; then
-  echo "Error: log path must be within $ALLOWED_LOG_BASE_DIR: $LOG_PATH" >&2
-  exit 1
-fi
+case "$RESOLVED_LOG_PARENT" in
+  "$ALLOWED_LOG_BASE_DIR"|"$ALLOWED_LOG_BASE_DIR"/*)
+    ;;
+  *)
+    echo "Error: log path must be within $ALLOWED_LOG_BASE_DIR: $LOG_PATH" >&2
+    exit 1
+    ;;
+esac
 
 if [ "$LOG_FILENAME" = "." ] || [ "$LOG_FILENAME" = ".." ]; then
   echo "Error: invalid log file name: $LOG_PATH" >&2
