security: CWE-22: Path traversal in Export-TrustCertificate — VC-53778 #401

Open
torresashjiancyber wants to merge 1 commit into Venafi:main from torresashjiancyber:VC-53778-logos-fix-c

@torresashjiancyber

Summary

This PR fixes a path traversal vulnerability (CWE-22) in Export-TrustCertificate where unsanitized server-supplied certificateName values were used directly in file path construction.

Finding

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The Export-TrustCertificate function (alias Export-VcCertificate) joined the server-returned certificateName field to the operator's -OutPath parameter without sanitization at three locations:

  1. Line 223: PKCS12 export format
  2. Line 270: PEM with private key export
  3. Line 339: Certificate-only export

An attacker controlling certificateName could use path traversal sequences (e.g., ../../../etc/passwd) to write files outside the intended output directory, potentially overwriting critical system files.

Remediation

Applied fail-closed validation at all three vulnerable sites:

  1. Extract the leaf filename using [IO.Path]::GetFileName()
  2. Validate the result is non-empty and matches the original input
  3. Throw an error if validation fails, preventing the path traversal

This approach:

  • Rejects any path containing directory separators (/, \)
  • Rejects empty or null certificate names
  • Preserves legitimate certificate names (e.g., app.example.com)
  • Fails safely on any suspicious input

Verification

  • Build: not run (PowerShell module - no build detected)
  • Tests: not run (no test framework detected)
  • Manual review: All three vulnerable Join-Path callsites now use sanitized $safeName variable
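
The three remediation steps described above, sketched as an added example (this is not the code from this PR or from the module). `Get-SafeLeafName` and `Resolve-ExportPath` are hypothetical names and the sample names are constructed; the explicit `\`, `.`, `..` checks and the containment test go beyond what the PR describes, on the assumption that the module may also run on Linux/macOS, where `GetFileName()` treats only `/` as a separator.

```powershell
# Added illustration; function names are hypothetical, not the module's code.
function Get-SafeLeafName {
    param([string] $Name)

    # Step 1: keep only the leaf component of the server-supplied name.
    $leaf = [IO.Path]::GetFileName($Name)

    # Steps 2-3: fail closed when the leaf is empty or differs from the input.
    if ([string]::IsNullOrWhiteSpace($leaf) -or ($leaf -cne $Name)) {
        throw "Rejected certificate name '$Name': not a plain file name"
    }

    # Beyond the PR text (assumption: the module may run on Linux/macOS, where
    # GetFileName() treats only '/' as a separator): reject '\', '.' and '..'.
    if (($leaf -in '.', '..') -or ($leaf.IndexOfAny([char[]]'/\') -ge 0)) {
        throw "Rejected certificate name '$Name': separator or dot segment"
    }
    $leaf
}

function Resolve-ExportPath {
    param([string] $OutPath, [string] $CertificateName)

    $safeName = Get-SafeLeafName $CertificateName
    $sep      = [IO.Path]::DirectorySeparatorChar
    $root     = [IO.Path]::GetFullPath($OutPath).TrimEnd($sep) + $sep
    $full     = [IO.Path]::GetFullPath((Join-Path $root $safeName))

    # Second layer: the resolved target must still sit under the output root.
    if (-not $full.StartsWith($root, [StringComparison]::Ordinal)) {
        throw "Rejected certificate name '$CertificateName': escapes $root"
    }
    $full
}

# Constructed sample names standing in for server responses.
$out = [IO.Path]::GetTempPath()
foreach ($n in 'app.example.com', '../../../etc/passwd', '..\..\evil', '..', '') {
    try   { 'OK      {0}' -f (Resolve-ExportPath $out $n) }
    catch { 'BLOCKED {0}' -f $_.Exception.Message }
}
```

Only `app.example.com` resolves to a path; the other four names throw before any file is written.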
