build.run: prohibit absolute paths in BuildPlan.add_file.

This makes the build impure and also causes the contents of a file
outside of the build directory to be overwritten.

The check in `BuildPlan.execute_local` is also expanded to cover
the possibility of an absolute path sneaking through.

Author: whitequark

amaranth/build/run.py

@@ -33,6 +33,9 @@ def add_file(self, filename, content):
         forward slashes (``/``).
         """
         assert isinstance(filename, str) and filename not in self.files
+        if (pathlib.PurePosixPath(filename).is_absolute or
+                pathlib.PureWindowsPath(filename).is_absolute):
+            raise ValueError(f"Filename {filename!r} must not be an absolute path")
         self.files[filename] = content
 
     def digest(self, size=64):
@@ -78,9 +81,9 @@ def execute_local(self, root="build", *, run_script=True, env=None):
 
             for filename, content in self.files.items():
                 filename = pathlib.Path(filename)
-                # Forbid parent directory components completely to avoid the possibility
-                # of writing outside the build root.
-                assert ".." not in filename.parts
+                # Forbid parent directory components and absolute paths completely to avoid
+                # the possibility of writing outside the build root.
+                assert not filename.is_absolute and ".." not in filename.parts
                 dirname = os.path.dirname(filename)
                 if dirname:
                     os.makedirs(dirname, exist_ok=True)