Skip to content

🔒 Path traversal vulnerability in output file path #78

Description

@asmit25805

🔒 Security · 🟠 High · Confidence: 99%

File: eval/lib/pixel_query.py
Location: render


What's wrong

The output path is built using os.path.join(self.output_dir, f"{example_id}_query.png") without sanitizing example_id. If example_id contains path separators (e.g., "../evil"), the renderer can write files outside the intended output directory.

Suggested fix

Validate or sanitize example_id to remove path traversal characters before constructing the file path, e.g.,

import pathlib
safe_id = pathlib.Path(example_id).name  # strips any directory components
out_path = os.path.join(self.output_dir, f"{safe_id}_query.png")

About this report

This finding was generated by an automated audit tool using Llama 3.3 70B + verification passes.
Only findings with ≥92% confidence that passed both LLM self-verification and line reference
verification are reported. False positives are still possible — please verify before acting.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions