ensuring that the files that are written to are

always within the path, preventing any write outside
This commit is contained in:
Karma Riuk
2025-06-09 21:09:16 +02:00
parent 59b2fbb32e
commit a9e06ec694
2 changed files with 17 additions and 3 deletions


@ -20,7 +20,7 @@ class BuildHandler(ABC):
def __init__(self, repo_path: str, build_file: str, updates: dict) -> None:
super().__init__()
self.path: str = repo_path
self.path: str = os.path.abspath(repo_path)
self.build_file: str = build_file
self.updates = updates
@ -158,7 +158,11 @@ class BuildHandler(ABC):
def inject_changes(self, changes: dict[str, str]):
for file_path, change in changes.items():
full_path = os.path.join(self.path, file_path)
full_path = os.path.abspath(os.path.join(self.path, file_path))
assert (
os.path.commonpath([self.path, full_path]) != self.path
), "Attempting to write to a file outside the repo. This is not allowed"
print(f"[INFO] Writing change to {full_path}")
dirname = os.path.dirname(full_path)
if not os.path.exists(dirname):
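Review bot: The guard added in `inject_changes` is inverted: `assert os.path.commonpath([self.path, full_path]) != self.path` passes exactly when `full_path` lies outside the repo and fails for every path inside it, so as written it rejects legitimate writes and lets escaping ones through. It is also an `assert`, which Python strips under `-O`, so the containment check should be an explicit raise: `if os.path.commonpath([self.path, full_path]) != self.path: raise ValueError("Attempting to write to a file outside the repo. This is not allowed")`. `os.path.abspath` only normalises `..` segments and does not resolve symlinks, so a symlink inside the repo that points elsewhere would still pass the check; using `os.path.realpath` for both `self.path` (set in `__init__`) and `full_path` closes that gap if the processed repos are not fully trusted. The loop body continues past the end of this hunk.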


@ -121,7 +121,17 @@ def evaluate_refinement(
)
continue
build_handler.inject_changes(changes)
try:
build_handler.inject_changes(changes)
except Exception as e:
results[id]["changes_injection"] = False
results[id]["changes_injection_error_msg"] = str(e)
print(
f"[ERROR] {id} ({entry.metadata.repo} #PR {entry.metadata.pr_number}) {type(e)}: {e}",
file=sys.stderr,
)
continue
current_progress += 1
percent_cb(current_progress / total_number_of_steps * 100)
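Review bot: The new handler keeps only `str(e)`, so a write refused by the path check in `inject_changes` is recorded the same way as a disk or permission error, although the refusal is the entry someone reviewing the results would most want to find. Storing the exception class next to the message, for example `results[id]["changes_injection_error_type"] = type(e).__name__` (key name is a suggestion), makes those entries filterable, and `type(e).__name__` also reads better in the log line than `{type(e)}`. Because `inject_changes` writes file by file, an exception part-way through leaves the earlier files already on disk when this branch reaches `continue`; whether the repo is reset before the next entry is not visible here. `evaluate_refinement` starts and ends outside the hunk.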