Fix: Mitigate Arbitrary File Write (Path Traversal) Validation Bypass

[ArshVermaGit]

Description

This PR addresses a critical Path Traversal vulnerability in the /api/scripts/save and /api/scripts/import_github endpoints that allowed an attacker to perform an Arbitrary File Write.

Previously, these endpoints attempted to validate the file path using validate_safe_path, which successfully checked path boundaries. However, immediately following validation, the logic contained a flaw where it dynamically rebuilt the absolute path by re-appending the unsanitized filename variable:

# Vulnerable logic that was removed:
full_path = os.path.join(os.path.dirname(full_path), filename)

Because the filename variable could still contain ../ traversal sequences, this operation effectively re-introduced the traversal relative to the safe directory, completely bypassing the validation and allowing files to be written anywhere on the host filesystem.

Resolved Issue

Resolves #126

Changes Made

• Removed Flawed Path Reassignment: Deleted the vulnerable os.path.join line in both the save_script and import_github functions.
• The file writing mechanism now strictly relies on the absolute path string securely resolved and returned by validate_safe_path(SCRIPTS_DIR, rel_path).

Security Impact

By preventing unsanitized filenames from being blindly joined to validated directory paths, the application is now secure against arbitrary file writes. All file operations are strictly confined to the scripts/ directory, preventing attackers from overwriting critical system files or injecting backdoors.

Testing

• Verified standard script creation and GitHub importing work as expected.
• Attempted to save a script with the filename ../pwn.sh.
• Confirmed that the file was safely constrained within the scripts/ directory rather than escaping to the system root.

[ArshVermaGit]

Hi @siddu-k ! Issue #126 has been resolved. Please review the PR and merge it under GSSoC. Thanks!