fix: absolute in-project paths (#629) + regex alternation false negatives (#628) #630
justrach wants to merge 2 commits into
isPathSafe rejected every absolute path with a blanket leading-`/` check, so codedb_read / codedb_edit returned "path traversal not allowed" for a file that lives *inside* the indexed project. Agents hold absolute paths, hit the terse error, and abandon codedb for bash (the #626 trajectory shows codedb!,codedb! then seven bash calls).

Add projectRelPath(path, root): a safe relative path passes through; an absolute path is accepted only when it is exact-or-child of the project root and is rewritten to its relative form; out-of-root absolutes, `..` traversal, nulls and backslashes stay rejected. handleRead/handleEdit resolve the path through it using cwd's realpath as the root. isExactOrChild is now pub for reuse.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
In `mode=regex`, a top-level alternation like `xy|createGateway` (or `.*|foo`) where one branch yields no trigrams was prefiltered down to only the trigram-bearing branches' candidate files. Files matching the no-trigram branch were silently dropped, so the search returned 0 matches and read as an authoritative "not found".

decomposeRegex now detects any branch that produces zero trigrams and returns an unconstrained query, so candidatesRegex returns null and the search scans every file. Alternations where every branch has trigrams still prefilter as before.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
👋 Thanks for the contribution! Quick heads-up: this repo lands changes on the current Please retarget this PR via Edit → base branch to the active release branch (currently (Automated hint — reply here if you need a hand.)
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 31233f95ff
| const root: []const u8 = if (std.Io.Dir.cwd().realPathFile(io, ".", &root_buf)) |n| root_buf[0..n] else |_| ""; | ||
| const path = projectRelPath(path_arg, root) orelse { |
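Review bot: on the `root` line, a failed `realPathFile` silently becomes an empty root (`else |_| ""`) that is then handed to `projectRelPath`. Make the empty-root case explicit, either by returning an error to the caller at this point or by adding a test showing that `projectRelPath` rejects every absolute path when `root` is empty, so that a prefix comparison against an empty string can never accept one.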
Use the indexed project root for absolute read paths
When codedb /some/project mcp is launched from a different working directory (or deferred roots select a workspace different from the launch cwd), this normalizes absolute paths against the process cwd rather than the indexed root (explorer.root_path). An absolute path under the launch cwd but outside the project is therefore accepted and rewritten to a relative path; if that path is not cached in the project index, handleRead falls through to cwd().readFileAlloc and returns an out-of-scope file. It also still rejects absolute paths inside the actual indexed project in that launch mode, so the #629 fix only works when cwd equals the project root.
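The containment rule from the commit message and the cwd-versus-indexed-root gap raised in the review above, as an added Python model (not codedb's Zig code). `project_rel_path`, `resolve_both`, both roots and the sample paths are constructed here; paths are assumed to be already canonical, so symlink resolution and the sensitive-file check are not modelled.

```python
def is_exact_or_child(path, root):
    """True when path equals root or sits beneath it on a component boundary."""
    base = root.rstrip("/")
    return path == (base or "/") or path.startswith(base + "/")

def project_rel_path(path, root):
    """Project-relative form of path, or None when it must be rejected."""
    if not path or "\x00" in path or "\\" in path:
        return None                      # empty, NUL byte or backslash
    if ".." in path.split("/"):
        return None                      # traversal, relative or absolute
    if not path.startswith("/"):
        return path                      # safe relative path passes through
    if not root.startswith("/") or not is_exact_or_child(path, root):
        return None                      # no usable root, or outside it
    return path[len(root.rstrip("/")):].lstrip("/") or "."

# Constructed layout: server launched from LAUNCH_CWD, index built for INDEXED_ROOT.
LAUNCH_CWD = "/home/dev/scratch"
INDEXED_ROOT = "/srv/project"

def resolve_both(path):
    """(result with cwd as root, result with the indexed root as root)."""
    return project_rel_path(path, LAUNCH_CWD), project_rel_path(path, INDEXED_ROOT)

if __name__ == "__main__":
    for p in ["src/main.zig", "/srv/project/src/main.zig",
              "/srv/project-old/key.pem", "/home/dev/scratch/notes.txt",
              "/srv/project/../outside.txt"]:
        by_cwd, by_root = resolve_both(p)
        print(f"{p!r:34} cwd-root={by_cwd!r:14} indexed-root={by_root!r}")
```

With the cwd as root, the file beside the launch directory is accepted and the in-project absolute path is refused; with the indexed root the two outcomes swap, which is the behaviour the review asks for.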
Benchmark Regression Report
Thresholds: 10.00% and 50,000 ns absolute delta
Fixes two silent, agent-facing footguns surfaced from real session traces. Both have regression tests; full `zig build test` is green.

#629 — `codedb_read`/`codedb_edit` reject absolute paths inside the project

`isPathSafe` rejected every absolute path via a blanket leading-`/` check, so a path pointing at a file inside the indexed root returned `path traversal not allowed`. Agents hold absolute paths, hit the terse error, and abandon codedb for `bash` — the #626 trajectory shows `codedb!,codedb!` then seven `bash` fallbacks.

- `projectRelPath(path, root)`: safe relative paths pass through; an absolute path is accepted only when it is exact-or-child of the project root and is rewritten to its relative form.
- `handleRead`/`handleEdit` resolve through it using cwd's realpath as the root.
- `..` traversal, NUL bytes, backslashes, and sensitive files stay rejected (the existing `issue-93` security test is unchanged).
- `root_policy.isExactOrChild` is now `pub`.

#628 — regex alternation silently returns 0 matches

A top-level alternation like `xy|createGateway` or `.*|foo`, where one branch is too short / metachar-only to yield a trigram, prefiltered candidates down to only the trigram-bearing branches — silently dropping files that matched the other branch. `mode=regex` returned 0 and read as an authoritative "not found". `decomposeRegex` now detects any branch with zero trigrams and returns an unconstrained query, so the search scans every file.

Tests

- `test_mcp.zig` — `issue-629: projectRelPath accepts absolute paths inside the project root`
- `test_index.zig` — `issue-628: alternation with a no-trigram branch falls back to scan-all` (verified to fail pre-fix with `expected 0, found 1`)

Closes #629
Closes #628
🤖 Generated with Claude Code
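The #628 false negative described above, as an added Python model of a trigram prefilter (not codedb's `decomposeRegex`). It assumes a deliberately conservative extractor (a branch containing any metacharacter yields no trigrams) and a naive split on `|`; the `fixed=False` path reconstructs the pre-fix behaviour from the description, and the corpus is constructed.

```python
import re

METACHARS = re.compile(r"[.*+?()\[\]{}^$\\]")

def branch_trigrams(branch):
    """Trigrams of a purely literal branch; any metacharacter yields none."""
    if METACHARS.search(branch):
        return set()
    return {branch[i:i + 3] for i in range(len(branch) - 2)}

def build_index(files):
    """Map each trigram to the set of file names containing it."""
    index = {}
    for name, text in files.items():
        for i in range(len(text) - 2):
            index.setdefault(text[i:i + 3], set()).add(name)
    return index

def candidates(pattern, index, fixed=True):
    """Candidate file set, or None meaning 'unconstrained: scan every file'."""
    result, constrained = set(), False
    for branch in pattern.split("|"):
        grams = branch_trigrams(branch)
        if not grams:
            if fixed:
                return None              # one blind branch disables the prefilter
            continue                     # pre-fix: branch contributes nothing
        constrained = True
        result |= set.intersection(*(index.get(g, set()) for g in grams))
    return result if constrained else None

def search(pattern, files, fixed=True):
    """Names of files matching pattern, after the trigram prefilter."""
    cand = candidates(pattern, build_index(files), fixed)
    names = files if cand is None else cand
    rx = re.compile(pattern)
    return sorted(n for n in names if rx.search(files[n]))

# Constructed corpus: one file matches each branch of xy|createGateway.
FILES = {
    "gateway.zig": "pub fn createGateway() void {}",
    "short.zig": "const xy = 1;",
    "misc.zig": "fn other() void {}",
}

if __name__ == "__main__":
    print("pre-fix:", search("xy|createGateway", FILES, fixed=False))
    print("fixed:  ", search("xy|createGateway", FILES, fixed=True))
```

The pre-fix path never opens `short.zig`, so its `xy` match is lost without any error; the fixed path trades the prefilter for a full scan whenever a branch cannot be constrained.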