refactor: consolidate filesystem path handling for file endpoints#178
Merged
Conversation
There was a problem hiding this comment.
Pull request overview
This PR consolidates and hardens filesystem path handling across API surfaces that write or serve files (uploads, streaming downloads, and SPA static fallback), aiming to prevent path traversal / containment escapes while keeping external API shapes stable.
Changes:
- Sanitize uploaded filenames for
/api/evaluateand/api/evaluate/streamto prevent traversal and avoid same-name clobbering. - Introduce a per-process export directory with opaque, server-generated filenames and confine
/api/streaming/download/{filename}to that directory. - Add regression tests covering traversal attempts, symlink escape, “bare filename” validation, and SPA fallback containment.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/test_api.py | Adds regression coverage for upload sanitization, streaming download containment, and SPA fallback containment. |
| src/agentevals/streaming/ws_server.py | Writes exported session traces into the dedicated export directory using opaque names. |
| src/agentevals/streaming/exports.py | Introduces EXPORT_DIR and export_name() for process-private, download-eligible exports. |
| src/agentevals/api/streaming_routes.py | Stores prepared evaluation artifacts in EXPORT_DIR and enforces containment in the download endpoint. |
| src/agentevals/api/routes.py | Centralizes safe upload path construction and applies it to sync + SSE evaluation endpoints. |
| src/agentevals/api/app.py | Prevents SPA fallback path joining from escaping the configured static directory. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
EItanya
approved these changes
Jul 10, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR tidies up how the API resolves filesystem paths across the static asset, upload, and download surfaces. Paths are normalized and kept within their intended directories, and prepared files are served from a dedicated per-process directory using server-generated names.
Notes