fix(security): validate repository names to block path traversal#183
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
📝 WalkthroughWalkthroughRepository names now use shared path-component validation during configuration resolution and repository removal. Configuration errors distinguish missing repositories from invalid names, while repository deletion canonicalizes and bounds its target path before removal. ChangesRepository safety and diagnostics
Estimated code review effort: 3 (Moderate) | ~20 minutes Sequence Diagram(s)sequenceDiagram
participant SoarContext
participant ConfigResolve
participant is_safe_component
participant ConfigError
SoarContext->>ConfigResolve: resolve repository configuration
ConfigResolve->>is_safe_component: validate repository name
is_safe_component-->>ConfigResolve: safe or unsafe result
ConfigResolve->>ConfigError: return InvalidRepositoryName for unsafe name
Possibly related PRs
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Deploying soar-docs with
|
| Latest commit: |
5df0ea3
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://3b0e40cf.soar-docs.pages.dev |
| Branch Preview URL: | https://fix-repo-name-path-traversal.soar-docs.pages.dev |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@crates/soar-operations/src/repo.rs`:
- Around line 107-118: Update the repository deletion flow around the
canonicalization and bounds check to remove the configured repo_path rather than
the canonicalized target. Before deletion, inspect repo_path metadata and
explicitly remove a symlink with the appropriate file-removal operation;
otherwise use remove_dir_all on repo_path, preserving the existing validation
and error context.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 79254bd0-72f1-4464-a8b0-886d36abe037
⛔ Files ignored due to path filters (1)
Cargo.lockis excluded by!**/*.lock
📒 Files selected for processing (6)
crates/soar-config/src/config.rscrates/soar-config/src/error.rscrates/soar-db/Cargo.tomlcrates/soar-db/src/models/types.rscrates/soar-operations/src/repo.rscrates/soar-utils/src/path.rs
Summary by CodeRabbit