
MAF-011: [LOW] Library path can be set arbitrarily, including root

Open Floppy opened this issue 1 year ago • 1 comments

System paths in the library functionality allow administrators to configure root directories as the path.

Technical description:

The library system functionality allows administrators to set paths to root directories. Paths should be restricted to only allow specific directories to minimize the attack vector.

Impact:

Allowing access to root directories significantly increases the risk of unauthorized access, data breaches, and potential system compromises. Attackers could exploit this misconfiguration to gain elevated privileges and access sensitive files or directories.

Recommendation:

  • [ ] Implement a user-friendly file browser dialog or similar UI component that allows users to visually navigate and select the desired library folder. This provides a more intuitive and controlled way for users to specify the directory.
  • [ ] Configure an allowlist of directories that can be selected and displayed to the admin. This ensures that only pre-approved directories are available for selection.
  • [ ] Implement robust server-side path traversal checks to prevent users from crafting malicious paths that could bypass the intended directory restrictions.
  • [ ] Apply strict input validation and sanitization techniques to user-supplied paths to mitigate the risk of path injection attacks.

Jun 10 '24 09:06 Floppy
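A server-side check along the lines of the allowlist and path traversal recommendations above, as an added example that is not part of the original issue and is not Manyfold's code. The class name `LibraryPathPolicy`, its method names and the sandbox directories are assumptions made for illustration.

```ruby
require "pathname"
require "tmpdir"
require "fileutils"

# Hypothetical policy class (assumed name, not Manyfold's code).
class LibraryPathPolicy
  Rejected = Class.new(StandardError)

  def initialize(allowed_roots)
    # Canonicalise the allowlist once so later comparisons use real paths.
    @allowed_roots = allowed_roots.map { |root| Pathname.new(root).realpath }
  end

  # Returns the canonical Pathname when acceptable, raises Rejected otherwise.
  def validate!(input)
    input = input.to_s
    raise Rejected, "empty or malformed path" if input.strip.empty? || input.include?("\0")
    path = Pathname.new(input)
    raise Rejected, "path must be absolute" unless path.absolute?
    real = begin
      path.realpath # resolves "..", "." and symlinks; the path must exist
    rescue SystemCallError
      raise Rejected, "path cannot be resolved"
    end
    raise Rejected, "not a directory" unless real.directory?
    raise Rejected, "filesystem root is not allowed" if real.root?
    # Component-wise containment, so /srv/models-evil never matches /srv/models.
    inside = @allowed_roots.any? { |root| real.ascend.any? { |dir| dir == root } }
    raise Rejected, "outside the allowed directories" unless inside
    real
  end
end

# Constructed sandbox: allowed root, look-alike sibling, symlink escaping the root.
def demo_library_paths
  Dir.mktmpdir do |tmp|
    allowed = File.join(tmp, "models")
    FileUtils.mkdir_p([File.join(allowed, "prints"), File.join(tmp, "models-evil"), File.join(tmp, "secret")])
    File.symlink(File.join(tmp, "secret"), File.join(allowed, "link"))
    policy = LibraryPathPolicy.new([allowed])
    candidates = { ok: File.join(allowed, "prints"), root: "/", relative: "models/prints",
                   traversal: File.join(allowed, "..", "secret"),
                   lookalike: File.join(tmp, "models-evil"),
                   symlink: File.join(allowed, "link") }
    candidates.transform_values do |candidate|
      policy.validate!(candidate) && :accepted
    rescue LibraryPathPolicy::Rejected => e
      e.message
    end
  end
end
```

The comparison is made on the resolved path rather than the submitted string, which is why the `..` and symlink candidates are rejected even though their text begins with the allowed directory.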

This is due a rewrite soon as part of #1670, so I'm leaving it for now.

Jun 19 '24 13:06 Floppy

sanitization checks done in #2729

Sep 20 '24 15:09 Floppy