fix(storage): handle OSS folder marker objects in download_folder

[rainive]

Summary

Fixes OSSStorage.download_folder() incorrectly treating OSS "folder marker" objects (keys ending with /, often zero-byte objects) as regular files.

When a bucket contains both:

• dir/ (marker object)
• dir/file.txt (real file)

the previous implementation would download dir/ to a local file named dir, and then later fail when trying to create the directory dir/ for dir/file.txt (file/dir name conflict).

Root cause

download_folder() only checked obj.is_prefix() to decide whether an entry should be created as a local directory.

However, folder marker objects like dir/ are real objects in object_list (not necessarily common-prefix entries), so they may not satisfy is_prefix() and were handled as files.

Fix

Treat objects with keys ending in / as directories:

if obj.is_prefix() or obj.key.endswith("/"):
    os.makedirs(local_path, exist_ok=True)
else:
    ...

This preserves empty directories represented by marker objects and prevents local path conflicts.

How to reproduce

1. Upload two keys into the same prefix:
   • <prefix>dir/ (empty object)
   • <prefix>dir/file.txt
2. Call download_folder(<prefix>, <local_dir>)

Before this patch: may fail due to dir being created as a file first.
After this patch: dir/ becomes a local directory and dir/file.txt downloads correctly.

Related issue

Fixes #450

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a critical bug in the OSSStorage.download_folder() method that caused incorrect handling of OSS folder marker objects. Previously, these zero-byte objects, which signify directories, were sometimes treated as regular files, leading to local file/directory name conflicts and download failures. The fix ensures that any object key ending with a slash is correctly interpreted as a directory, thereby preserving the intended directory structure and allowing successful downloads of nested files.

Highlights

• OSS Folder Marker Handling: Modified OSSStorage.download_folder() to correctly identify and handle OSS "folder marker" objects (keys ending with /) as directories, preventing conflicts with regular files.

Changelog

• src/agentscope_runtime/sandbox/manager/storage/oss_storage.py
  • Updated the download_folder method to include a check for object keys ending with / when determining if a local directory should be created.

Activity

• No human activity has been recorded for this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

The pull request effectively addresses the issue of OSSStorage.download_folder() incorrectly handling OSS folder marker objects by adding a check for object keys ending with a slash, preventing potential file/directory name conflicts during folder downloads. However, the OSSStorage.download_folder function remains vulnerable to a path traversal attack. It does not sanitize or validate the object keys retrieved from OSS before using them to construct local file paths, which could allow an attacker with control over the OSS bucket to write files to arbitrary locations on the local filesystem.

[cla-assistant]

All committers have signed the CLA.