Fix path injection, empty choices crash, and config inconsistencies #5
Draft
Copilot wants to merge 3 commits into feature/agent-loop
- Fix path injection in collect_artifacts: use shlex.quote() for filenames
- Add bounds check for empty response.choices across LLM call sites
- Validate full_name format before split in both handlers
- Use configurable container_timeout instead of hardcoded 120s cap
- Add tests for all fixes

Co-authored-by: sweettastebuds <49539676+sweettastebuds@users.noreply.github.com>

…ve test
- Use os.path.basename() to strip directory components from artifact names
- Improve test to verify path traversal is properly blocked

Co-authored-by: sweettastebuds <49539676+sweettastebuds@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Review changes in pull request 4" to "Fix path injection, empty choices crash, and config inconsistencies" on Mar 3, 2026
Security and robustness fixes found during review of the agent loop implementation in PR #4.

Path injection in `collect_artifacts`

Artifact filenames from container `ls` output were interpolated into shell commands with only single-quote wrapping—vulnerable to traversal and injection. Now uses `os.path.basename()` + `shlex.quote()`:

Missing bounds check on `response.choices[0]`

`LLMClient.chat()`, `AgentLoop.run()`, `AgentLoop._force_final()`, and `Level3Agent` all accessed `choices[0]` without guarding against empty arrays → `IndexError` on malformed API responses

Unsafe `full_name.split("/", 1)` in handlers

`PullRequestHandler` and `IssueCommentHandler` would raise `ValueError` on malformed webhook payloads missing the `/` separator

Hardcoded exec timeout cap

`ContainerManager.exec()` capped timeout at 120s, silently overriding the configurable `container_timeout` (default 150s)

`self._settings.container_timeout` as the cap
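
The `os.path.basename()` + `shlex.quote()` fix described above, set beside the single-quote-only pattern it replaces, as an added example that is not code from this pull request. `ARTIFACT_DIR`, the `cat` command, all function names and the sample `ls` output are assumptions constructed for illustration; `shell_words` only tokenizes and never executes anything.

```python
import os
import shlex

ARTIFACT_DIR = "/workspace/artifacts"  # hypothetical path, not taken from the PR

# Constructed `ls` output, as an untrusted container might produce it.
SAMPLE_LS = "report.txt\n../../etc/passwd\nx'; echo INJECTED; '\n..\n"


def build_cmd_weak(name: str) -> str:
    """The 'before' pattern: filename wrapped in single quotes only."""
    return f"cat '{ARTIFACT_DIR}/{name}'"


def build_cmd_hardened(name: str) -> str:
    """basename() drops directory components; shlex.quote() escapes the rest."""
    base = os.path.basename(name)
    if base in ("", ".", ".."):  # extra guard, an assumption beyond the PR text
        raise ValueError(f"unusable artifact name: {name!r}")
    return f"cat {shlex.quote(os.path.join(ARTIFACT_DIR, base))}"


def shell_words(cmd: str) -> list[str]:
    """Tokenize roughly as a POSIX shell would, without executing anything."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def plan_collection(ls_output: str) -> list[str]:
    """Build one hardened command per listed name, skipping unusable names."""
    cmds = []
    for name in ls_output.splitlines():
        try:
            cmds.append(build_cmd_hardened(name))
        except ValueError:
            continue
    return cmds


if __name__ == "__main__":
    for line in SAMPLE_LS.splitlines():
        print("weak:    ", shell_words(build_cmd_weak(line)))
    for cmd in plan_collection(SAMPLE_LS):
        print("hardened:", shell_words(cmd))
```

With the weak builder the quote-bearing name tokenizes into several shell words separated by `;`, while the hardened builder keeps every name a single argument confined to `ARTIFACT_DIR`.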