Potential fix for code scanning alert no. 2333: Uncontrolled data used in path expression#806
Conversation
…d in path expression Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
There was a problem hiding this comment.
Sorry @Bryan-Roe, you have reached your weekly rate limit of 500000 diff characters.
Please try again later or upgrade to continue using Sourcery
Bugbot couldn't run - usage limit reachedBugbot is counted against Cursor usage for this user or team, and this run hit a usage or spend limit. A user or team admin can review and increase usage limits in the Cursor dashboard. (requestId: serverGenReqId_b0516371-bc72-4e1b-a8b9-4a1c300a64f1) |
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
Bugbot couldn't run - usage limit reachedBugbot is counted against Cursor usage for this user or team, and this run hit a usage or spend limit. A user or team admin can review and increase usage limits in the Cursor dashboard. (requestId: serverGenReqId_5d5cebe5-7e23-4066-a71d-7afd015cd6c3) |
Potential fix for https://github.com/Bryan-Roe/Aria/security/code-scanning/2333
Use a server-generated temporary filename that does not include
session_name, and keep the final exported filename behavior unchanged.Best single fix in
scripts/gradio_demo.py:save_conversation_markdown(...)(around lines 655–657), replace construction oftemp_filenamefromsafe_namewith a UUID-based internal temp name (for example,".tmp_<uuid>.md"), still joined underconv_rootand validated withcommonpath.{safe_name}_{ts}.md) as-is so user-visible functionality remains unchanged.uuidis already imported.This addresses all variants because both alerts flow through the same tainted construction/use of
temp_filename.Suggested fixes powered by Copilot Autofix. Review carefully before merging.
Note
Low Risk
Single-line change in a demo export helper with unchanged user-visible filenames and existing directory containment checks.
Overview
Addresses a code-scanning path traversal / uncontrolled path alert in
save_conversation_markdownby no longer building the write-temp file name from user-derivedsession_name(safe_name).The atomic write still uses a temp file under
conv_rootwith the samecommonpathguard, but the temp path is now server-generated (.tmp_<uuid>.md). The final exported file remains{safe_name}_{ts}.md, so export naming in the UI is unchanged.Reviewed by Cursor Bugbot for commit 779fce0. Bugbot is set up for automated code reviews on this repo. Configure here.