From d765715fbcff9b5d707da7979d71e925b1360f48 Mon Sep 17 00:00:00 2001
From: majdyz
Date: Thu, 30 Apr 2026 12:06:21 +0700
Subject: [PATCH] fix(copilot): warn on path-traversal in delete_stale_cli_session_file

Self-review: the projects-base guard was returning silently. Mirror the warn-shape from `_write_cli_session_to_disk` so an out-of-base resolve surfaces as a Sentry-visible warning. Unreachable in normal operation (server-generated UUID + deterministic `cli_session_path`), but a hit would indicate a config or tampering issue worth seeing.
---
 .../backend/backend/copilot/sdk/service.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/autogpt_platform/backend/backend/copilot/sdk/service.py b/autogpt_platform/backend/backend/copilot/sdk/service.py
index 4bacfb8c73..f8236405d2 100644
--- a/autogpt_platform/backend/backend/copilot/sdk/service.py
+++ b/autogpt_platform/backend/backend/copilot/sdk/service.py
@@ -1320,6 +1320,17 @@ def delete_stale_cli_session_file(
 """
 real_path = os.path.realpath(cli_session_path(sdk_cwd, session_id))
 if not real_path.startswith(projects_base() + os.sep):
+ # Mirror ``_write_cli_session_to_disk``'s defense-in-depth: log
+ # rather than fail silently when the resolved path escapes the
+ # projects base. In normal operation this is unreachable
+ # (session_id is a server-generated UUID and ``cli_session_path``
+ # is deterministic), so a hit indicates a config or tampering
+ # issue that's worth surfacing.
+ logger.warning(
+ "%s CLI session delete path outside projects base: %s",
+ log_prefix,
+ os.path.basename(real_path),
+ )
 return False
 # Direct unlink — no exists() check (avoids TOCTOU with the file being
 # deleted by another process between check and unlink).
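Review bot: The new `logger.warning` call formats `os.path.basename(real_path)` with `%s`, yet the added comment says this branch is reached when the input may have been tampered with, so the logged value should be treated as untrusted. Formatting it with `%r` would escape newlines and control characters so a crafted name cannot forge or split log lines: `"%s CLI session delete path outside projects base: %r",`. Only the basename is recorded, which limits what leaks into logs but also means the warning does not show where the path resolved to; if that trade-off is deliberate, a short comment saying so would help whoever triages the alert. The function's signature and the rest of its body are outside the hunk, so `log_prefix` is assumed to be in scope there.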