From a9e06ec6943ce97f0ad5e0da17c218862ca49e00 Mon Sep 17 00:00:00 2001
From: Karma Riuk
Date: Mon, 9 Jun 2025 21:09:16 +0200
Subject: [PATCH] ensuring that the file that are written to are always within the path, preventing any write outside
---
 src/utils/build_handlers.py | 8 ++++++--
 src/utils/process_data.py | 12 +++++++++++-
 2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/src/utils/build_handlers.py b/src/utils/build_handlers.py
index e8eca64..855b6dc 100644
--- a/src/utils/build_handlers.py
+++ b/src/utils/build_handlers.py
@@ -20,7 +20,7 @@ class BuildHandler(ABC):
 def __init__(self, repo_path: str, build_file: str, updates: dict) -> None:
 super().__init__()
- self.path: str = repo_path
+ self.path: str = os.path.abspath(repo_path)
 self.build_file: str = build_file
 self.updates = updates
@@ -158,7 +158,11 @@ class BuildHandler(ABC):
 def inject_changes(self, changes: dict[str, str]):
 for file_path, change in changes.items():
- full_path = os.path.join(self.path, file_path)
+ full_path = os.path.abspath(os.path.join(self.path, file_path))
+ assert (
+ os.path.commonpath([self.path, full_path]) != self.path
+ ), "Attempting to write to a file outside the repo. This is not allowed"
+ print(f"[INFO] Writing change to {full_path}")
 dirname = os.path.dirname(full_path)
 if not os.path.exists(dirname):
diff --git a/src/utils/process_data.py b/src/utils/process_data.py
index 9ec908c..9275a00 100644
--- a/src/utils/process_data.py
+++ b/src/utils/process_data.py
@@ -121,7 +121,17 @@ def evaluate_refinement(
 )
 continue
- build_handler.inject_changes(changes)
+ try:
+ build_handler.inject_changes(changes)
+ except Exception as e:
+ results[id]["changes_injection"] = False
+ results[id]["changes_injection_error_msg"] = str(e)
+ print(
+ f"[ERROR] {id} ({entry.metadata.repo} #PR {entry.metadata.pr_number}) {type(e)}: {e}",
+ file=sys.stderr,
+ )
+ continue
+ current_progress += 1
 percent_cb(current_progress / total_number_of_steps * 100)
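Review bot: `os.path.abspath(repo_path)` in `BuildHandler.__init__` normalises the path lexically and does not resolve symbolic links, so the containment check that `inject_changes` builds on `self.path` (second hunk of this file) compares path strings and not the locations actually written to. A link inside the checkout that resolves elsewhere would satisfy the comparison while the write lands outside the repo. Consider `self.path: str = os.path.realpath(repo_path)` here and `full_path = os.path.realpath(os.path.join(self.path, file_path))` in `inject_changes`. The class body continues outside the hunk.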
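Review bot: The assertion added in `inject_changes` is inverted: `os.path.commonpath([self.path, full_path]) != self.path` is true only when `full_path` lies outside `self.path`, so as written an in-repo write raises AssertionError and an escaping path passes; the comparison needs to be `==`. Since `assert` statements are removed when Python runs with `-O`, a check meant to block writes outside the repo is better as an explicit test, `if os.path.commonpath([self.path, full_path]) != self.path: raise ValueError("Attempting to write to a file outside the repo. This is not allowed")`. `os.path.commonpath` itself raises ValueError for paths on different drives, which the caller would then see as a generic failure. The loop body continues outside the hunk.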
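Review bot: The `except Exception` added around `build_handler.inject_changes(changes)` records a rejected out-of-repo path in the same `changes_injection_error_msg` field as an ordinary I/O failure, so the two cannot be told apart in `results` afterwards. If the containment check raised a dedicated exception type, this handler could catch it first and mark the entry accordingly. `inject_changes` appears to process the files of an entry one at a time, so a failure partway through may leave earlier files written before the `continue`; whether the checkout is reset elsewhere is not visible in this hunk. The handler also depends on `sys` being imported in `process_data.py`, which the hunk does not show.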