Skip to content

πŸ›‘οΈ Sentinel: [HIGH] Fix path traversal and username leak in default db paths #200

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
madara88645 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

πŸ›‘οΈ Sentinel: [HIGH] Fix path traversal and username leak in default db paths #200

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion app/history/manager.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@

DEFAULT_DB_PATH = os.path.expanduser("~/.promptc_history.db")
if os.name == "nt":
DEFAULT_DB_PATH = r"C:\Users\User\.promptc_history.db"
DEFAULT_DB_PATH = os.path.join(os.environ.get("USERPROFILE", "C:\\"), ".promptc_history.db")
Copy link

Copilot AI Mar 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same issue here: if USERPROFILE is missing, the code falls back to C:\\ and will attempt to create/use C:\\.promptc_history.db, which may require elevated permissions and is not user-specific. Consider falling back to os.path.expanduser("~")/Path.home() (or leave the original expanduser("~/.promptc_history.db") in place) instead of defaulting to the drive root.

Suggested change
DEFAULT_DB_PATH = os.path.join(os.environ.get("USERPROFILE", "C:\\"), ".promptc_history.db")
user_home = os.environ.get("USERPROFILE") or os.path.expanduser("~")
DEFAULT_DB_PATH = os.path.join(user_home, ".promptc_history.db")

Copilot uses AI. Check for mistakes.
Comment on lines 9 to +11
Copy link

Copilot AI Mar 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR title/description mention fixing a "path traversal" issue, but this change only replaces a hardcoded Windows user path with a dynamically resolved one. If there is no path traversal vector, it would be better to adjust the PR description/title to match the actual fix scope (cross-user path leakage / hardcoded home path).

Copilot uses AI. Check for mistakes.


class HistoryManager:
Expand Down
2 changes: 1 addition & 1 deletion app/rag/simple_index.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@
DEFAULT_DB_PATH = os.path.expanduser("~/.promptc_index_v3.db")
# Force absolute path for debugging Windows environment
if os.name == "nt":
DEFAULT_DB_PATH = r"C:\Users\User\.promptc_index_v3.db"
DEFAULT_DB_PATH = os.path.join(os.environ.get("USERPROFILE", "C:\\"), ".promptc_index_v3.db")
Comment on lines 38 to +41
Copy link

Copilot AI Mar 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On Windows, falling back to "C:\\" when USERPROFILE is unset will place the DB in C:\\.promptc_*, which is not user-scoped and can still cause permission-denied crashes (and defeats the goal of avoiding cross-user leakage). Prefer falling back to a real home directory resolution (e.g., os.path.expanduser("~") / Path.home()) or simply keep using os.path.expanduser("~/.promptc_index_v3.db") for Windows as well.

Copilot uses AI. Check for mistakes.

CHUNK_SIZE = 1000
CHUNK_OVERLAP = 200
Expand Down
Loading