Skip to content

Potential fix for code scanning alert no. 18: Uncontrolled data used in path expression#85

Draft
maxirmx wants to merge 1 commit into
mainfrom
alert-autofix-18
Draft

Potential fix for code scanning alert no. 18: Uncontrolled data used in path expression#85
maxirmx wants to merge 1 commit into
mainfrom
alert-autofix-18

Conversation

@maxirmx

@maxirmx maxirmx commented Jun 28, 2026

Copy link
Copy Markdown
Member

Potential fix for https://github.com/sw-consulting/media-pi.device/security/code-scanning/18

General fix: enforce a strict allowlist boundary for playlist destination paths (for example, under /var/media-pi) at input-validation time, and reject anything outside that base. Use canonical absolute paths and boundary-safe prefix checks.

Best single fix without changing intended behavior: in internal/agent/menu.go inside HandleConfigurationUpdate, after existing clean/abs/.. checks, add a containment check ensuring cleanDestination resolves under a fixed safe base directory (e.g. /var/media-pi). Use:

  • safeBase := filepath.Clean("/var/media-pi")
  • absSafeBase, _ := filepath.Abs(safeBase)
  • absDestination, _ := filepath.Abs(cleanDestination)
  • allow only if absDestination == absSafeBase or strings.HasPrefix(absDestination, absSafeBase + string(os.PathSeparator))

Then store absDestination in config (instead of cleanDestination) when calling UpdateConfigSettings.

This addresses the taint flow at the source and keeps sync.go filesystem operations safe without changing sync logic.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…in path expression

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant