Potential fix for code scanning alert no. 2334: Uncontrolled data used in path expression#899
Merged
Conversation
…d in path expression Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Contributor
|
@Bryan-Roe Thanks for sending me some feedback. Unfortunately, I hit an error while trying to use the custom Copilot setup steps configured for this repository. The error I am seeing is: Once you or someone with the necessary access fixes the problem, please let me know in a comment and I'll try again. Thanks! |
Bugbot couldn't run - usage limit reachedBugbot is counted against Cursor usage for this user or team, and this run hit a usage or spend limit. A user or team admin can review and increase usage limits in the Cursor dashboard. (requestId: serverGenReqId_6444e7ce-81d1-4d14-8958-dd86918de014) |
Comment on lines
+1543
to
+1544
| base = Path(CONV_DIR).resolve() | ||
| candidate = (base / filename).resolve() |
| return None | ||
| if os.path.isabs(filename): | ||
| # Only allow plain safe filenames with approved extensions. | ||
| if not re.fullmatch(r"[A-Za-z0-9_.-]+\.(json|md|txt)", filename): |
Contributor
🔐 CodeQL — Open Alerts on this PR
Copilot Autofix suggestions (if enabled) appear as inline review comments on the affected lines. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Potential fix for https://github.com/Bryan-Roe/Aria/security/code-scanning/2334
General fix: ensure any user-controlled filename is validated against a strict allowlist and converted to a canonical path under a trusted root, then only use that canonical path for file access.
Best targeted fix here (in
scripts/gradio_demo.py,_safe_session_pathandload_sessionregion):_,-,., plus required extension).Path(CONV_DIR).resolve()andPath(base, filename).resolve().candidate.relative_to(base)(fails if outside).load_session, add a final existence/type check (os.path.isfile(path)) before opening.No new imports are needed because
re,os, andPathare already imported.Suggested fixes powered by Copilot Autofix. Review carefully before merging.
Note
Low Risk
Localized security hardening in the demo’s session I/O helpers; behavior for legitimate dropdown filenames should be unchanged.
Overview
Addresses a code-scanning alert for uncontrolled data in path expressions when loading saved Gradio sessions.
_safe_session_pathnow rejects anything that isn’t a single safe basename with an allowed extension viare.fullmatch, builds paths withPath(CONV_DIR).resolve()and(base / filename).resolve(), and enforces stay-under-root withcandidate.relative_to(base)instead of the previous mix ofisabs,basename, andcommonpathchecks.load_sessionrefuses to open the path unlessos.path.isfile(path)succeeds, so only real files under the conversation directory are read. The same helper still backs delete session, so both flows share the tighter validation.Reviewed by Cursor Bugbot for commit 28b9a48. Bugbot is set up for automated code reviews on this repo. Configure here.