fix: sanitize absolute paths from etherscan (#1603)

ethers-etherscan/src/source_tree.rs

@@ -37,10 +37,13 @@ impl SourceTree {
 
 /// Remove any components in a smart contract source path that could cause a directory traversal.
 fn sanitize_path(path: &Path) -> PathBuf {
-    Path::new(path)
+    let sanitized = Path::new(path)
         .components()
         .filter(|x| x.as_os_str() != Component::ParentDir.as_os_str())
-        .collect::<PathBuf>()
+        .collect::<PathBuf>();
+
+    // Force absolute paths to be relative
+    sanitized.strip_prefix("/").map(PathBuf::from).unwrap_or(sanitized)
 }
 
 #[cfg(test)]
@@ -81,14 +84,19 @@ mod tests {
                     path: PathBuf::from("../b/../b.sol"),
                     contents: String::from("Test 2"),
                 },
+                SourceTreeEntry {
+                    path: PathBuf::from("/c/c.sol"),
+                    contents: String::from("Test 3"),
+                },
             ],
         };
         st.write_to(tempdir.path()).unwrap();
         let written_paths = read_dir(tempdir.path()).unwrap();
         let paths: Vec<PathBuf> =
             written_paths.into_iter().filter_map(|x| x.ok()).map(|x| x.path()).collect();
-        assert_eq!(paths.len(), 2);
+        assert_eq!(paths.len(), 3);
         assert!(paths.contains(&tempdir.path().join("a")));
         assert!(paths.contains(&tempdir.path().join("b")));
+        assert!(paths.contains(&tempdir.path().join("c")));
     }
 }