Address review comments from Billy and tested code

cmd/oras/internal/option/packer.go

@@ -27,6 +27,7 @@ import (
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/spf13/pflag"
 	"oras.land/oras-go/v2/content"
+	"oras.land/oras/cmd/oras/internal/fileref"
 )
 
 // Pre-defined annotation keys for annotation file
@@ -80,17 +81,12 @@ func (opts *Packer) Parse() error {
 	if !opts.PathValidationDisabled && len(opts.FileRefs) != 0 {
 		for _, path := range opts.FileRefs {
 			//Remove the type if specified in the path <file>[:<type>] format
-			lastIndex := strings.LastIndex(path, ":")
-			if lastIndex != -1 {
-				path = path[:lastIndex]
-			}
-			absPath, err := filepath.Abs(path)
-			dirPath := filepath.Dir(absPath)
+			path, _, err = fileref.Parse(path, "")
 			if err != nil {
 				return err
 			}
-			if dirPath != currentDir {
-				failedPaths = append(failedPaths, absPath)
+			if filepath.IsAbs(path) {
+				failedPaths = append(failedPaths, path)
 			}
 		}
 		if len(failedPaths) > 0 {

cmd/oras/root/pull.go

@@ -20,7 +20,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"strings"
 	"sync"
 
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
@@ -239,9 +238,8 @@ func runPull(ctx context.Context, opts pullOptions) error {
 	// Copy
 	desc, err := oras.Copy(ctx, src, opts.Reference, dst, opts.Reference, copyOptions)
 	if err != nil {
-		if strings.Contains(err.Error(), "path traversal disallowed") {
-			errorMsg := fmt.Sprintf("%v: %w ", "to enable path traversal use --allow-path-traversal flag", err)
-			return errors.New(errorMsg)
+		if errors.Is(err, file.ErrPathTraversalDisallowed) {
+			err = fmt.Errorf("%s: %w", "use option -T/allow-path-traversal to allow pulling outside of working directory", err)
 		}
 		return err
 	}