Add durable session handoff packages #23
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: aa8f538e5e
| let session_dir = sessions_dir(&state).await.join(&session_id); | ||
| if !session_dir.is_dir() { | ||
| return Err(format!("Session '{session_id}' not found")); |
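Review bot: `session_dir.is_dir()` follows symbolic links, so this existence check does not show that the directory lies inside the sessions root, even for a `session_id` with no `..` segments. Canonicalize `session_dir` and require the result to start with the canonicalized sessions root before anything is written under it.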
Reject traversal in export session_id
export_session_handoff builds session_dir by directly joining untrusted session_id to the sessions root and only checks is_dir(). A value like "../../Documents" will pass if that directory exists, and the command then writes a handoff artifact under that escaped path (artifacts/handoffs/...). This allows writing outside the managed sessions tree, which is a filesystem integrity/security issue for any caller that can invoke this command.
| if let Some(session_id) = target_session_id { | ||
| let session_dir = sessions_root.join(session_id); | ||
| if !session_dir.is_dir() { | ||
| return Err(format!("Target session '{session_id}' not found")); |
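Review bot: `sessions_root.join(session_id)` drops `sessions_root` entirely when `session_id` is an absolute path, because `Path::join` replaces the base in that case, so a filter that only looks for `..` segments would not be sufficient here. Reject any `session_id` that is not a single normal path component before the join, and keep the `is_dir()` check as a second step rather than the only one.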
Sanitize target_session_id before import path join
resolve_import_target accepts target_session_id verbatim, joins it to sessions_root, and treats any existing directory as valid. With path traversal segments (for example "../../../tmp"), import_handoff_into_session will then write artifacts/handoffs/*.json and metadata.json into that escaped directory. This permits unintended file writes outside the session store and should be blocked by validating IDs (or enforcing canonical-path containment).
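One way to apply the mitigation both review comments name (validating IDs and enforcing canonical-path containment), as an added example that is not code from this pull request. `resolve_session_dir`, `make_fixture` and the directory names are hypothetical, and the fixture directories are constructed for the demonstration.

```rust
use std::fs;
use std::io;
use std::path::{Component, Path, PathBuf};

/// Hypothetical helper (not the PR's code): map an untrusted `session_id` to a
/// directory that is provably inside `sessions_root`.
pub fn resolve_session_dir(sessions_root: &Path, session_id: &str) -> Result<PathBuf, String> {
    // 1. Syntactic check: exactly one normal component, spelled as given.
    //    Rejects "", ".", "..", "a/b", "a/." and absolute paths (for which
    //    `Path::join` would drop `sessions_root` entirely).
    let mut parts = Path::new(session_id).components();
    match (parts.next(), parts.next()) {
        (Some(Component::Normal(name)), None) if name.to_str() == Some(session_id) => {}
        _ => return Err(format!("Invalid session id {session_id:?}")),
    }
    // 2. Containment check on resolved paths: `canonicalize` follows symlinks,
    //    so a link inside the root that points elsewhere is caught here.
    let root = fs::canonicalize(sessions_root).map_err(|e| format!("Sessions root: {e}"))?;
    let dir = fs::canonicalize(root.join(session_id))
        .map_err(|_| format!("Session {session_id:?} not found"))?;
    if !dir.starts_with(&root) {
        return Err(format!("Session {session_id:?} resolves outside the sessions root"));
    }
    if !dir.is_dir() {
        return Err(format!("Session {session_id:?} is not a directory"));
    }
    Ok(dir)
}

/// Constructed fixture: <tmp>/handoff-demo-<pid>/{sessions/abc123, outside},
/// plus (on Unix) sessions/link pointing at the sibling `outside` directory.
pub fn make_fixture() -> io::Result<PathBuf> {
    let base = std::env::temp_dir().join(format!("handoff-demo-{}", std::process::id()));
    let _ = fs::remove_dir_all(&base);
    fs::create_dir_all(base.join("sessions").join("abc123"))?;
    fs::create_dir_all(base.join("outside"))?;
    #[cfg(unix)]
    std::os::unix::fs::symlink(base.join("outside"), base.join("sessions").join("link"))?;
    Ok(base.join("sessions"))
}

fn main() -> io::Result<()> {
    let root = make_fixture()?;
    for id in ["abc123", "../outside", "/tmp", "abc123/..", "link", "missing", ""] {
        println!("{id:?} -> {:?}", resolve_session_dir(&root, id));
    }
    Ok(())
}
```

Callers should build the `artifacts/handoffs/...` path from the returned canonical directory rather than re-joining the raw ID, so the path that was checked is the path that is written.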