dgf1988/codewhale
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Potential fix for pull request finding 'CodeQL / Uncontrolled data used in path expression'

Browse Source 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
This commit is contained in:
Hunter Bown
2026-05-08 19:34:01 -05:00
committed by GitHub
parent 43e572342a
commit 326a1dacb9
1 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
crates/tui/src/runtime_api.rs
+14 -2
View File
@@ -1658,18 +1658,30 @@ fn run_git(workspace: &std::path::Path, args: &[&str]) -> Option<String> {
} }
fn resolve_skills_dir(config: &Config, workspace: &std::path::Path) -> PathBuf { fn resolve_skills_dir(config: &Config, workspace: &std::path::Path) -> PathBuf {
let workspace = fs::canonicalize(workspace).unwrap_or_else(|_| workspace.to_path_buf()); let configured_skills_dir = config.skills_dir();
let trusted_root = fs::canonicalize(&configured_skills_dir).unwrap_or(configured_skills_dir.clone());
let workspace = match fs::canonicalize(workspace) {
Ok(path) => path,
Err(_) => return configured_skills_dir,
};
if !workspace.starts_with(&trusted_root) {
return configured_skills_dir;
}
for candidate in [ for candidate in [
workspace.join(".agents").join("skills"), workspace.join(".agents").join("skills"),
workspace.join("skills"), workspace.join("skills"),
] { ] {
if let Ok(candidate) = fs::canonicalize(candidate) if let Ok(candidate) = fs::canonicalize(candidate)
&& candidate.starts_with(&trusted_root)
&& candidate.is_dir() && candidate.is_dir()
{ {
return candidate; return candidate;
} }
} }
config.skills_dir() configured_skills_dir
} }
fn load_mcp_config_or_default(path: &std::path::Path) -> Result<McpConfig, ApiError> { fn load_mcp_config_or_default(path: &std::path::Path) -> Result<McpConfig, ApiError> {