@@ -1240,48 +1240,50 @@ def shell_write_content_to_file(self, content: str, file_path: str) -> str:
12401240 Returns:
12411241 str: A confirmation message indicating success or an error message.
12421242 """
1243- if self .safe_mode and self .working_dir and not self .use_docker_backend :
1244- # Resolve relative paths relative to working_dir, not CWD
1245- if os .path .isabs (file_path ):
1246- abs_file_path = os .path .normpath (file_path )
1247- else :
1248- abs_file_path = os .path .normpath (
1243+ # For local backend, resolve relative paths to working_dir
1244+ if not self .use_docker_backend and self .working_dir :
1245+ if not os .path .isabs (file_path ):
1246+ file_path = os .path .normpath (
12491247 os .path .join (self .working_dir , file_path )
12501248 )
1251- working_dir_normalized = os . path . normpath (
1252- os .path .abspath ( self . working_dir )
1253- )
1254- abs_file_path = os . path . abspath ( abs_file_path )
1255- # Use os.path.commonpath for secure path containment check
1256- try :
1257- common = os .path .commonpath (
1258- [ abs_file_path , working_dir_normalized ]
1249+ else :
1250+ file_path = os .path .normpath ( file_path )
1251+ file_path = os . path . abspath ( file_path )
1252+
1253+ # Safe mode path containment check for local backend
1254+ if self . safe_mode :
1255+ working_dir_normalized = os .path .normpath (
1256+ os . path . abspath ( self . working_dir )
12591257 )
1260- if common != working_dir_normalized :
1258+ # Use os.path.commonpath for secure path containment check
1259+ try :
1260+ common = os .path .commonpath (
1261+ [file_path , working_dir_normalized ]
1262+ )
1263+ if common != working_dir_normalized :
1264+ return (
1265+ "Error: Cannot write to a file outside of the "
1266+ "working directory in safe mode."
1267+ )
1268+ except ValueError :
1269+ # Paths are on different drives (Windows) or invalid
12611270 return (
12621271 "Error: Cannot write to a file outside of the "
12631272 "working directory in safe mode."
12641273 )
1265- except ValueError :
1266- # Paths are on different drives (Windows) or invalid
1267- return (
1268- "Error: Cannot write to a file outside of the "
1269- "working directory in safe mode."
1270- )
1271- # Use the resolved absolute path for local writes
1272- file_path = abs_file_path
12731274
12741275 log_entry = (
12751276 f"--- Writing content to file at { time .ctime ()} \n "
12761277 f"> { file_path } \n "
12771278 )
12781279 if self .use_docker_backend :
1280+ temp_host_path = None
12791281 try :
12801282 # Ensure parent directory exists in container
12811283 parent_dir = os .path .dirname (file_path )
12821284 if parent_dir :
12831285 quoted_dir = shlex .quote (parent_dir )
1284- mkdir_cmd = f'sh -c "mkdir -p { quoted_dir }
1286+ mkdir_cmd = f'sh -lc "mkdir -p { quoted_dir }
12851287 mkdir_exec = self .docker_api_client .exec_create (
12861288 self .container .id , mkdir_cmd
12871289 )
@@ -1307,7 +1309,6 @@ def shell_write_content_to_file(self, content: str, file_path: str) -> str:
13071309 log_entry += f"\n -------- \n { content } \n --------\n "
13081310 with open (self .blocking_log_file , "a" , encoding = "utf-8" ) as f :
13091311 f .write (log_entry + "\n " )
1310- os .remove (temp_host_path ) # Clean up the temporary file
13111312 return (
13121313 f"Content successfully written to '{ file_path }
13131314 f"in Docker container."
@@ -1328,6 +1329,13 @@ def shell_write_content_to_file(self, content: str, file_path: str) -> str:
13281329 f"Error writing to file '{ file_path }
13291330 f"in Docker container: { e }
13301331 )
1332+ finally :
1333+ # Clean up the temporary file
1334+ if temp_host_path and os .path .exists (temp_host_path ):
1335+ try :
1336+ os .remove (temp_host_path )
1337+ except OSError :
1338+ pass
13311339
13321340 else :
13331341 try :
0 commit comments