fix: fix path traversal vulnerability (#1199)

2026-01-09 14:57:59 -05:00 · 2024-04-18 03:49:37 -07:00
parent 426f387123
commit 51149780ac
1 changed files with 2 additions and 0 deletions
--- a/opendevin/server/listen.py
+++ b/opendevin/server/listen.py
@@ -114,6 +114,8 @@ def select_file(file: str):
    try:
        workspace_base = config.get('WORKSPACE_BASE')
        file_path = Path(workspace_base, file)
+        # The following will check if the file is within the workspace base and throw an exception if not
+        file_path.resolve().relative_to(Path(workspace_base).resolve())
        with open(file_path, 'r') as selected_file:
            content = selected_file.read()
    except Exception as e: