Potential fix for code scanning alert no. 18: Uncontrolled data used in path expression#4
Conversation
…in path expression Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
ArshVermaGit
left a comment
There was a problem hiding this comment.
This is a really solid and thoughtful fix that clearly strengthens the trust boundary around filesystem access. I really like how the validation and canonicalization of local_path is handled right at the API boundary — it keeps tainted input from ever reaching deeper git/path operations, which is exactly where we want the guardrails. Using local_git._normalize_repo_path(...) together with local_git._is_linked_repo_path(...) makes the intent explicit and easy to reason about, and applying the helper consistently across unlink_repo, get_repo_status, commit_repo, and commit_legacy ensures there aren’t any gaps. The early HTTPException(400) response also makes the behavior predictable and transparent for clients without impacting valid linked repo flows. Overall, this feels like a clean, minimal, and security-conscious improvement that improves confidence in the path handling logic without adding unnecessary complexity. Great work tightening this up.
Potential fix for https://github.com/ArshVermaGit/SentinelOps-Autonomous-DevOps-AI/security/code-scanning/18
Best fix: validate and canonicalize
local_pathat the API boundary, and reject requests early if the path is not one of the linked repositories. This creates an explicit trust boundary sanitizer and prevents tainted paths from reaching git/path sinks.Single best approach here:
sentinelops-backend/app/routers/local_dev.py, add a small helper that:local_pathusinglocal_git._normalize_repo_path(...)local_git._is_linked_repo_path(...)HTTPException(400)when invalid/unlinked.unlink_repo(local_path: str)get_repo_status(local_path: str)commit_repo(req: CommitRequest)commit_legacy(req: CommitRequest)No behavior change for valid linked repos; invalid/unlinked paths now fail earlier and explicitly.
Suggested fixes powered by Copilot Autofix. Review carefully before merging.