33from __future__ import annotations
44
55import json
6- import os
76from pathlib import Path
87from typing import Any
98
@@ -18,17 +17,6 @@ def _read_json(path: Path) -> dict[str, Any] | None:
1817 return payload if isinstance (payload , dict ) else None
1918
2019
21- def _is_safe_subpath (base : Path , subpath : str ) -> bool :
22- """Validate that the given subpath resolves strictly within the base directory."""
23- if not subpath :
24- return False
25- base_str = os .path .abspath (str (base ))
26- if not base_str .endswith (os .sep ):
27- base_str += os .sep
28- target_str = os .path .abspath (os .path .join (base_str , str (subpath )))
29- return target_str .startswith (base_str )
30-
31-
3220def discover_spec8_pack_candidates (
3321 data_root : str | Path = "data/scenarios" ,
3422 output_root : str | Path = "output" ,
@@ -68,13 +56,9 @@ def load_spec8_flow_artifacts(
6856 data_root : str | Path = "data/scenarios" ,
6957 output_root : str | Path = "output" ,
7058 output_pack_id : str | None = None ,
71- ) -> dict [str , Any ] | None :
59+ ) -> dict [str , Any ]:
7260 data_base = Path (data_root )
7361 output_base = Path (output_root )
74-
75- if not _is_safe_subpath (data_base , pack_id ):
76- return None
77-
7862 data_pack = data_base / pack_id
7963
8064 situation = _read_json (data_pack / "situation.json" )
@@ -85,8 +69,6 @@ def load_spec8_flow_artifacts(
8569 generation_trace = _read_json (data_pack / "generation" / "log.json" )
8670
8771 resolved_output_pack = output_pack_id or pack_id
88- if not _is_safe_subpath (output_base , resolved_output_pack ):
89- return None
9072 result = _read_json (output_base / resolved_output_pack / "result.json" )
9173 explanation = _read_json (output_base / resolved_output_pack / "explanation.json" )
9274
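Review bot: With both `_is_safe_subpath` guards removed, `output_base / resolved_output_pack` (and `data_base / pack_id` in the previous hunk) joins a caller-supplied id onto the root with no containment check, so an id holding `..` segments or an absolute path makes `_read_json` read outside the configured roots. Whether `pack_id` and `output_pack_id` can come from untrusted input is not visible on this page. If they can, keep a check before the first read, for example `if not (output_base / resolved_output_pack).resolve().is_relative_to(output_base.resolve()): raise ValueError("pack id escapes output root")`, and the same for `data_base`. Resolving before comparing also covers symlinks, which the removed `os.path.abspath` prefix test did not. The body of `load_spec8_flow_artifacts` continues outside the hunk, so validation elsewhere cannot be ruled out.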