fix(workflow): validate workflow_id and confine workflow files to the workflow directory #521
Draft
yonib05 wants to merge 2 commits into
… workflow directory
workflow_id is used directly to build the workflow file name in WORKFLOW_DIR across the load, store, and delete operations. Add an allowlist check at the tool boundary (1-128 characters limited to letters, digits, '.', '_' and '-', rejecting "." and "..") and a defense-in-depth helper that resolves the target path and confirms it stays inside WORKFLOW_DIR before any read, write, or delete. Add regression tests covering the allowlist, the resolver, and each of the three filesystem operations.
… on path containment elsewhere
Description
The `workflow` tool uses `workflow_id` directly to build the workflow file name in `WORKFLOW_DIR` (`WORKFLOW_DIR / f"{workflow_id}.json"`) across the load, store, and delete operations. The only existing check is `if not workflow_id` (which generates a UUID for empty create ids), so a `workflow_id` containing directory separators or relative segments points the read/write/delete at a file outside `WORKFLOW_DIR`.
This change adds two layers:
- `workflow_id` must match `^[A-Za-z0-9._-]{1,128}$` and may not be `.` or `..`. Invalid ids return an error result. The id is validated after the create-time UUID fallback, so auto-generated ids still pass.
- `resolve_workflow_path`, used by `load_workflow`, `store_workflow`, and `delete_workflow`. It resolves the target path and raises `ValueError` unless the result is inside the resolved `WORKFLOW_DIR`, so every filesystem operation stays confined regardless of how the id reaches it.
Related Issues
Type of Change
Bug fix
Testing
Added a `TestWorkflowIdValidation` suite covering the allowlist (accepted and rejected ids including `../../etc/passwd`, `.`, `..`, separators, and overlong ids), the path resolver, and runtime confinement of all three sinks. Ran the workflow test module (54 passed) and `ruff format --check` / `ruff check` on the changed files.
`hatch run prepare`
Checklist
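
The two layers from the description, as an added example that is not the code from this pull request. The pattern, `WORKFLOW_DIR` and the name `resolve_workflow_path` come from the description; `is_valid_workflow_id`, the `base` parameter, `demo` and the sample ids are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Allowlist from the description: 1-128 chars of letters, digits, '.', '_', '-'.
_ID_RE = re.compile(r"[A-Za-z0-9._-]{1,128}")


def is_valid_workflow_id(workflow_id):
    """Hypothetical name: allowlist check applied at the tool boundary."""
    if not isinstance(workflow_id, str) or workflow_id in (".", ".."):
        return False
    # fullmatch is used because in Python '$' also matches just before a
    # trailing newline, which would let "ok\n" through a match()-based check.
    return _ID_RE.fullmatch(workflow_id) is not None


def resolve_workflow_path(workflow_id, base):
    """Resolve <base>/<workflow_id>.json and refuse anything outside base.

    `base` stands in for WORKFLOW_DIR (assumption, so the demo can use a temp dir).
    """
    root = Path(base).resolve()
    target = (root / f"{workflow_id}.json").resolve()
    # is_relative_to compares whole path components, so a sibling directory
    # such as "<base>_evil" is rejected where a string-prefix test would pass.
    if not target.is_relative_to(root):
        raise ValueError(f"workflow path escapes {root}: {workflow_id!r}")
    return target


def demo():
    """Run constructed ids through both layers; return {id: (allowed, confined)}."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "workflows"
        base.mkdir()
        for wid in ["daily-report", "v1.2_final", ".", "..", "../../etc/passwd",
                    "a/b", "a" * 129, "ok\n", "../workflows_evil/x"]:
            try:
                resolve_workflow_path(wid, base)
                confined = True
            except ValueError:
                confined = False
            results[wid] = (is_valid_workflow_id(wid), confined)
    return results


if __name__ == "__main__":
    for wid, (allowed, confined) in demo().items():
        print(f"{wid[:24]!r:30} allowed={allowed} confined={confined}")
```

Ids such as `a/b` resolve inside the directory and so pass the resolver alone; only the allowlist rejects them, which is why the two checks are complementary rather than redundant.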