Skip to content

Limit submit image path access#12

Merged
walker1211 merged 1 commit into
mainfrom
security/limit-submit-image-paths
Jun 16, 2026
Merged

Limit submit image path access#12
walker1211 merged 1 commit into
mainfrom
security/limit-submit-image-paths

Conversation

@walker1211

Copy link
Copy Markdown
Owner

Summary

  • Stage local reference images for async submit jobs into a configured input directory.
  • Restrict server-side image lookup to relative paths inside that directory to address the CodeQL path-injection alert.
  • Add storage.image_input_dir configuration and regression tests for validation and staging.

Test plan

  • go test ./...
  • git diff --check

为修复 Code scanning 的路径注入告警,submit 会先将本地参考图暂存到受控目录,服务端只读取该目录内的相对路径。
@walker1211
walker1211 merged commit 17d1514 into main Jun 16, 2026
4 checks passed
@walker1211
walker1211 deleted the security/limit-submit-image-paths branch June 16, 2026 01:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant