Skip to content

Potential fix for code scanning alert no. 2333: Uncontrolled data used in path expression#806

Merged
Bryan-Roe merged 1 commit into
mainfrom
alert-autofix-2333
Jul 11, 2026
Merged

Potential fix for code scanning alert no. 2333: Uncontrolled data used in path expression#806
Bryan-Roe merged 1 commit into
mainfrom
alert-autofix-2333

Conversation

@Bryan-Roe

@Bryan-Roe Bryan-Roe commented Jul 7, 2026

Copy link
Copy Markdown
Owner

Potential fix for https://github.com/Bryan-Roe/Aria/security/code-scanning/2333

Use a server-generated temporary filename that does not include session_name, and keep the final exported filename behavior unchanged.

Best single fix in scripts/gradio_demo.py:

  • In save_conversation_markdown(...) (around lines 655–657), replace construction of temp_filename from safe_name with a UUID-based internal temp name (for example, ".tmp_<uuid>.md"), still joined under conv_root and validated with commonpath.
  • Keep the final output filename ({safe_name}_{ts}.md) as-is so user-visible functionality remains unchanged.
  • No new imports are needed because uuid is already imported.

This addresses all variants because both alerts flow through the same tainted construction/use of temp_filename.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.


Note

Low Risk
Single-line change in a demo export helper with unchanged user-visible filenames and existing directory containment checks.

Overview
Addresses a code-scanning path traversal / uncontrolled path alert in save_conversation_markdown by no longer building the write-temp file name from user-derived session_name (safe_name).

The atomic write still uses a temp file under conv_root with the same commonpath guard, but the temp path is now server-generated (.tmp_<uuid>.md). The final exported file remains {safe_name}_{ts}.md, so export naming in the UI is unchanged.

Reviewed by Cursor Bugbot for commit 779fce0. Bugbot is set up for automated code reviews on this repo. Configure here.

…d in path expression

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry @Bryan-Roe, you have reached your weekly rate limit of 500000 diff characters.

Please try again later or upgrade to continue using Sourcery

@cursor

cursor Bot commented Jul 7, 2026

Copy link
Copy Markdown

Bugbot couldn't run - usage limit reached

Bugbot is counted against Cursor usage for this user or team, and this run hit a usage or spend limit.

A user or team admin can review and increase usage limits in the Cursor dashboard.

(requestId: serverGenReqId_b0516371-bc72-4e1b-a8b9-4a1c300a64f1)

@Bryan-Roe Bryan-Roe marked this pull request as ready for review July 11, 2026 02:21
@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

@Bryan-Roe Bryan-Roe merged commit c1f5af7 into main Jul 11, 2026
73 of 115 checks passed
@Bryan-Roe Bryan-Roe deleted the alert-autofix-2333 branch July 11, 2026 02:21
@cursor

cursor Bot commented Jul 11, 2026

Copy link
Copy Markdown

Bugbot couldn't run - usage limit reached

Bugbot is counted against Cursor usage for this user or team, and this run hit a usage or spend limit.

A user or team admin can review and increase usage limits in the Cursor dashboard.

(requestId: serverGenReqId_5d5cebe5-7e23-4066-a71d-7afd015cd6c3)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant