From 3f9e29b8d648c5f4521619042f5027dc2ad94fe5 Mon Sep 17 00:00:00 2001
From: Sungkyu Yoo <skyoo2003@gmail.com>
Date: Sun, 19 Apr 2026 22:33:05 +0900
Subject: [PATCH] Potential fix for code scanning alert no. 5: Uncontrolled
 data used in path expression

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 internal/services/lambda/store.go | 31 +++++++++++++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)

diff --git a/internal/services/lambda/store.go b/internal/services/lambda/store.go
index 1debbde..9df3661 100644
--- a/internal/services/lambda/store.go
+++ b/internal/services/lambda/store.go
@@ -144,13 +144,40 @@ func (s *LambdaStore) Close() error {
 	return s.store.Close()
 }
 
+// validatePathComponent ensures v is a single safe path component.
+func validatePathComponent(name, v string) error {
+	if v == "" {
+		return fmt.Errorf("%s is required", name)
+	}
+	if v == "." || v == ".." {
+		return fmt.Errorf("invalid %s: %q", name, v)
+	}
+	if strings.Contains(v, "/") || strings.Contains(v, "\\") {
+		return fmt.Errorf("invalid %s: must not contain path separators", name)
+	}
+	return nil
+}
+
 // codePath returns the filesystem path for a function's code zip.
 // It validates the result stays under codeDir to prevent path traversal.
 func (s *LambdaStore) codePath(accountID, functionName string) (string, error) {
+	if err := validatePathComponent("accountID", accountID); err != nil {
+		return "", err
+	}
+	if err := validatePathComponent("functionName", functionName); err != nil {
+		return "", err
+	}
+
 	joined := filepath.Join(s.codeDir, accountID, functionName, "code.zip")
 	cleaned := filepath.Clean(joined)
-	absBase, _ := filepath.Abs(s.codeDir)
-	absCleaned, _ := filepath.Abs(cleaned)
+	absBase, err := filepath.Abs(s.codeDir)
+	if err != nil {
+		return "", fmt.Errorf("resolve base code dir: %w", err)
+	}
+	absCleaned, err := filepath.Abs(cleaned)
+	if err != nil {
+		return "", fmt.Errorf("resolve code path: %w", err)
+	}
 	if !strings.HasPrefix(absCleaned, absBase+string(filepath.Separator)) {
 		return "", fmt.Errorf("path traversal detected: %s", cleaned)
 	}