security: fix path traversal in BaseTuner directory/project_name/tuner_id

Fixes a path traversal vulnerability where user-supplied directory,
project_name, and tuner_id parameters were joined into filesystem
paths without validation. An attacker could set directory='../evil'
or project_name='../../etc' to escape the intended project directory.

When combined with overwrite=True, this could lead to arbitrary
directory deletion.

The fix adds _validate_project_path() and _validate_tuner_id()
static methods that reject path traversal sequences (..) and
path separators in tuner_id.

Tests cover directory traversal, project_name traversal, and
tuner_id traversal with environment variable input.

Author: dfgvaetyj3456356-hash

keras_tuner/engine/base_tuner.py

@@ -115,13 +115,15 @@ def __init__(
         # Ops and metadata
         self.directory = directory or "."
         self.project_name = project_name or "untitled_project"
+        self._validate_project_path(self.directory, self.project_name)
         self.oracle._set_project_dir(self.directory, self.project_name)
 
         if overwrite and backend.io.exists(self.project_dir):
             backend.io.rmtree(self.project_dir)
 
         # To support tuning distribution.
         self.tuner_id = os.environ.get("KERASTUNER_TUNER_ID", "tuner0")
+        self._validate_tuner_id(self.tuner_id)
 
         # Reloading state.
         if not overwrite and backend.io.exists(self._get_tuner_fname()):
@@ -471,5 +473,37 @@ def get_trial_dir(self, trial_id):
         utils.create_directory(dirname)
         return dirname
 
+    @staticmethod
+    def _validate_project_path(directory, project_name):
+        """Validates that directory and project_name do not contain path traversal.
+
+        Raises:
+            ValueError: If path traversal sequences or absolute paths are detected.
+        """
+        for name, segment in (("directory", str(directory)), ("project_name", str(project_name))):
+            if ".." in segment:
+                raise ValueError(
+                    f"Path traversal is not allowed in {name}. Received: {segment!r}"
+                )
+            # Reject absolute paths in project_name to prevent writing outside CWD
+            if name == "project_name" and os.path.isabs(segment):
+                raise ValueError(
+                    f"Absolute paths are not allowed in {name}. Received: {segment!r}"
+                )
+
+    @staticmethod
+    def _validate_tuner_id(tuner_id):
+        """Validates that tuner_id does not contain path traversal sequences.
+
+        Raises:
+            ValueError: If path traversal sequences or path separators are detected.
+        """
+        tuner_id_str = str(tuner_id)
+        if ".." in tuner_id_str or "/" in tuner_id_str or "\\" in tuner_id_str:
+            raise ValueError(
+                f"tuner_id cannot contain path separators or traversal sequences. "
+                f"Received: {tuner_id_str!r}"
+            )
+
     def _get_tuner_fname(self):
         return os.path.join(str(self.project_dir), f"{str(self.tuner_id)}.json")

keras_tuner/engine/base_tuner_test.py

@@ -248,3 +248,99 @@ def _the_func():
         _the_func, num_workers=2, wait_for_chief=True
     )
     oracle_client.TIMEOUT = timeout
+
+
+
+def test_directory_path_traversal_raises_value_error(tmp_path):
+    def build_model(hp):
+        hp.Boolean("a")
+
+    with pytest.raises(ValueError, match="Path traversal"):
+        gridsearch.GridSearch(
+            directory="../evil",
+            hypermodel=build_model,
+            max_trials=1,
+        )
+
+
+def test_project_name_path_traversal_raises_value_error(tmp_path):
+    def build_model(hp):
+        hp.Boolean("a")
+
+    with pytest.raises(ValueError, match="Path traversal"):
+        gridsearch.GridSearch(
+            directory=tmp_path,
+            project_name="../../evil",
+            hypermodel=build_model,
+            max_trials=1,
+        )
+
+
+def test_tuner_id_path_traversal_raises_value_error(tmp_path):
+    def build_model(hp):
+        hp.Boolean("a")
+
+    import os
+    original_tuner_id = os.environ.get("KERASTUNER_TUNER_ID")
+    try:
+        os.environ["KERASTUNER_TUNER_ID"] = "../../../evil"
+        with pytest.raises(ValueError, match="tuner_id"):
+            gridsearch.GridSearch(
+                directory=tmp_path,
+                hypermodel=build_model,
+                max_trials=1,
+            )
+    finally:
+        if original_tuner_id is not None:
+            os.environ["KERASTUNER_TUNER_ID"] = original_tuner_id
+        else:
+            os.environ.pop("KERASTUNER_TUNER_ID", None)
+
+
+def test_valid_directory_and_project_name_succeeds(tmp_path):
+    def build_model(hp):
+        hp.Boolean("a")
+
+    # These should not raise
+    tuner = gridsearch.GridSearch(
+        directory=tmp_path,
+        project_name="my_project",
+        hypermodel=build_model,
+        max_trials=1,
+    )
+    assert tuner.directory == str(tmp_path)
+    assert tuner.project_name == "my_project"
+
+
+def test_project_name_absolute_path_raises_value_error(tmp_path):
+    def build_model(hp):
+        hp.Boolean("a")
+
+    with pytest.raises(ValueError, match="Absolute paths"):
+        gridsearch.GridSearch(
+            directory=tmp_path,
+            project_name="/etc",
+            hypermodel=build_model,
+            max_trials=1,
+        )
+
+
+def test_tuner_id_forward_slash_raises_value_error(tmp_path):
+    def build_model(hp):
+        hp.Boolean("a")
+
+    import os
+    original_tuner_id = os.environ.get("KERASTUNER_TUNER_ID")
+    try:
+        os.environ["KERASTUNER_TUNER_ID"] = "evil/tuner"
+        with pytest.raises(ValueError, match="tuner_id"):
+            gridsearch.GridSearch(
+                directory=tmp_path,
+                hypermodel=build_model,
+                max_trials=1,
+            )
+    finally:
+        if original_tuner_id is not None:
+            os.environ["KERASTUNER_TUNER_ID"] = original_tuner_id
+        else:
+            os.environ.pop("KERASTUNER_TUNER_ID", None)