diff options
| author | Yuriy Andamasov <yuriy@vyos.io> | 2026-05-11 01:39:38 +0300 |
|---|---|---|
| committer | Yuriy Andamasov <yuriy@vyos.io> | 2026-05-11 01:39:38 +0300 |
| commit | 9b516a32dee89534cca80fd8acb16272c8c3b28f (patch) | |
| tree | 6d97e011c3a80fb9a2d68834b5386b6f28854b1a /docs/_include/interface-eapol.txt | |
| parent | c1bd8ec3e8b5a6dfbc530fa3183eee0ece7572f4 (diff) | |
| download | vyos-documentation-9b516a32dee89534cca80fd8acb16272c8c3b28f.tar.gz vyos-documentation-9b516a32dee89534cca80fd8acb16272c8c3b28f.zip | |
ci(ai-validation): fail-fast on traversal paths (consistency w/ non-regular guard)
Copilot finding on PR #1959 (line 114): the path-traversal hardening
block used `continue` (skip-with-warning) on detection of absolute /
traversal paths, but the non-regular-tree-entry check below uses
`exit 1`. The asymmetry meant a fork PR that smuggles in a path like
`docs/../../outside.md` would silently bypass Pass 1 (no file copied
into _changed_md/) and Pass 2 (LLM Read/Glob/Grep tools see no
content) — reducing validation coverage on exactly the inputs that
warrant the closest look.
Change `continue` to `exit 1` so both unsafe-input checks have
consistent visible-failure semantics. Maintainers must explicitly
address an offending path rather than have it skipped.
Mirrored byte-identically across all three open workflow PRs.
Diffstat (limited to 'docs/_include/interface-eapol.txt')
0 files changed, 0 insertions, 0 deletions
