From c4229646a62079c76ab53c9dcb8b9eb12d712ae4 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 11 May 2026 12:45:52 +0000
Subject: [PATCH 1/4] fix: harden path handling and profiler bind defaults for CodeQL alerts
Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/320282cc-04c8-415c-bacc-8f409266cde2
Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com>
---
 backend/llm/orchestrator.py | 23 ++---------------------
 run_profiler_backend.py | 25 ++++++++++++++++++++++---
 2 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/backend/llm/orchestrator.py b/backend/llm/orchestrator.py
index 30dba5a..35b4097 100644
--- a/backend/llm/orchestrator.py
+++ b/backend/llm/orchestrator.py
@@ -2695,29 +2695,10 @@ def _runtime_progress_root() -> Path:
 return progress_root
-def _legacy_orchestration_progress_file_path(run_id: str) -> Path:
- safe_run_id = re.sub(r"[^A-Za-z0-9._-]", "_", str(run_id or "unknown"))
- return _runtime_progress_root() / f"{safe_run_id}.json"
-
-
 def _orchestration_progress_file_path(run_id: str) -> Path:
- normalized_run_id = str(run_id or "unknown")
- safe_run_id = re.sub(r"[^A-Za-z0-9_.-]", "_", normalized_run_id).strip("._-")
- if not safe_run_id:
- safe_run_id = "unknown"
+ normalized_run_id = str(run_id or "").strip() or "unknown"
 runtime_root = _runtime_progress_root().resolve()
- legacy_path = _legacy_orchestration_progress_file_path(safe_run_id)
- try:
- resolved_legacy_path = legacy_path.resolve()
- if resolved_legacy_path.exists() and resolved_legacy_path.is_relative_to(runtime_root):
- return resolved_legacy_path
- except Exception:
- logger.warning(
- "Ignoring unsafe legacy orchestration progress path for run_id=%s",
- safe_run_id,
- exc_info=True,
- )
- file_name = f"{hashlib.sha256(safe_run_id.encode('utf-8')).hexdigest()}.json"
+ file_name = f"{hashlib.sha256(normalized_run_id.encode('utf-8')).hexdigest()}.json"
 return runtime_root / file_name
diff --git a/run_profiler_backend.py b/run_profiler_backend.py
index 19a6b96..cf6b4ad 100644
--- a/run_profiler_backend.py
+++ b/run_profiler_backend.py
@@ -1,5 +1,6 @@
 from __future__ import annotations
+import ipaddress
 import logging
 import os
 import socket
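Review bot: Dropping the legacy lookup in `_orchestration_progress_file_path` (backend/llm/orchestrator.py) means a progress file written under the old `<sanitized run_id>.json` name is no longer found once this lands; whether such files still exist on deployed hosts is not visible from the hunk. Hashing the id does keep the caller-supplied value out of the path, and that intent deserves a comment so the digest is not later swapped back for the raw id, e.g. `# run_id is caller-supplied: only its SHA-256 digest is used as the file name`. If old files may exist, a one-time rename at startup is safer than restoring a run_id-derived path.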
@@ -32,8 +33,26 @@ def _is_container_runtime() -> bool:
 def _default_profiler_host() -> str:
- if _is_container_runtime():
- return "0.0.0.0"
+ return "127.0.0.1"
+
+
+def _resolve_profiler_host() -> str:
+ requested_host = (os.getenv("BACKEND_PROFILER_HOST", _default_profiler_host()) or "").strip() or "127.0.0.1"
+ allow_remote = (os.getenv("BACKEND_PROFILER_ALLOW_REMOTE", "") or "").strip().lower() in {"1", "true", "yes", "on"}
+ if requested_host in {"localhost", "127.0.0.1", "::1"}:
+ return requested_host
+ try:
+ requested_ip = ipaddress.ip_address(requested_host)
+ except ValueError:
+ logger.warning("[WARN] invalid profiler host=%s; fallback to 127.0.0.1", requested_host)
+ return "127.0.0.1"
+ if requested_ip.is_loopback:
+ return requested_host
+ if allow_remote:
+ if requested_host == "0.0.0.0":
+ logger.warning("[WARN] profiler backend is binding to all interfaces (host=0.0.0.0)")
+ return requested_host
+ logger.warning("[WARN] remote profiler host=%s blocked; set BACKEND_PROFILER_ALLOW_REMOTE=true to allow", requested_host)
 return "127.0.0.1"
@@ -68,7 +87,7 @@ def _resolve_bind_port(host: str, requested_port: int, max_attempts: int = 20) -
 def main() -> None:
 import uvicorn
- host = os.getenv("BACKEND_PROFILER_HOST", _default_profiler_host())
+ host = _resolve_profiler_host()
 port = _resolve_bind_port(host, int(os.getenv("BACKEND_PROFILER_PORT", "8000")))
 logger.info("[OK] profiler backend bind target: http://%s:%s", host, port)
 uvicorn.run(app, host=host, port=port, reload=False)
From 4a27db44bcaa125ea0bf0d73d1bc13af6e671a18 Mon Sep 17 00:00:00 2001
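Review bot: `_default_profiler_host()` now returns `127.0.0.1` even when `_is_container_runtime()` is true, so a containerised deployment that relied on the old `0.0.0.0` default comes up unreachable through a published port unless both `BACKEND_PROFILER_HOST` and `BACKEND_PROFILER_ALLOW_REMOTE` are set, and nothing in run_profiler_backend.py says so. `_resolve_profiler_host()` should carry a docstring naming the two variables, the accepted truthy values (`1`, `true`, `yes`, `on`) and the fallback to loopback for hostnames and for remote addresses without the opt-in. `_is_container_runtime()` may now have no caller; its other uses are outside the hunk.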
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 11 May 2026 12:47:10 +0000
Subject: [PATCH 2/4] chore: address review nits for host and run_id normalization
Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/320282cc-04c8-415c-bacc-8f409266cde2
Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com>
---
 backend/llm/orchestrator.py | 4 +++-
 run_profiler_backend.py | 6 +++---
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/backend/llm/orchestrator.py b/backend/llm/orchestrator.py
index 35b4097..1aeb4fd 100644
--- a/backend/llm/orchestrator.py
+++ b/backend/llm/orchestrator.py
@@ -2696,7 +2696,9 @@ def _runtime_progress_root() -> Path:
 def _orchestration_progress_file_path(run_id: str) -> Path:
- normalized_run_id = str(run_id or "").strip() or "unknown"
+ normalized_run_id = str(run_id if run_id is not None else "unknown")
+ if normalized_run_id == "":
+ normalized_run_id = "unknown"
 runtime_root = _runtime_progress_root().resolve()
 file_name = f"{hashlib.sha256(normalized_run_id.encode('utf-8')).hexdigest()}.json"
 return runtime_root / file_name
diff --git a/run_profiler_backend.py b/run_profiler_backend.py
index cf6b4ad..4d556af 100644
--- a/run_profiler_backend.py
+++ b/run_profiler_backend.py
@@ -37,7 +37,7 @@ def _default_profiler_host() -> str:
 def _resolve_profiler_host() -> str:
- requested_host = (os.getenv("BACKEND_PROFILER_HOST", _default_profiler_host()) or "").strip() or "127.0.0.1"
+ requested_host = (os.getenv("BACKEND_PROFILER_HOST") or _default_profiler_host()).strip()
 allow_remote = (os.getenv("BACKEND_PROFILER_ALLOW_REMOTE", "") or "").strip().lower() in {"1", "true", "yes", "on"}
 if requested_host in {"localhost", "127.0.0.1", "::1"}:
 return requested_host
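Review bot: In `_orchestration_progress_file_path` (backend/llm/orchestrator.py) the new normalization still passes the id straight to `normalized_run_id.encode('utf-8')`, and a run_id containing a lone surrogate, which JSON decoding can produce, raises `UnicodeEncodeError` there instead of yielding a path. If run_id can come from request data (its callers are outside the hunk), encode with `normalized_run_id.encode('utf-8', 'surrogatepass')` so distinct ids still hash to distinct names. `None` and `""` also share the `unknown` file with any run literally named `unknown`, which is worth a one-line comment if intended.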
@@ -49,8 +49,8 @@ def _resolve_profiler_host() -> str:
 if requested_ip.is_loopback:
 return requested_host
 if allow_remote:
- if requested_host == "0.0.0.0":
- logger.warning("[WARN] profiler backend is binding to all interfaces (host=0.0.0.0)")
+ if requested_ip.is_unspecified:
+ logger.warning("[WARN] profiler backend is binding to all interfaces (host=%s)", requested_host)
 return requested_host
 logger.warning("[WARN] remote profiler host=%s blocked; set BACKEND_PROFILER_ALLOW_REMOTE=true to allow", requested_host)
 return "127.0.0.1"
From 1c36f742b512c94f418aa65f296cd0601142a817 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 11 May 2026 12:48:03 +0000
Subject: [PATCH 3/4] fix: tighten localhost and hostname validation for profiler bind
Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/320282cc-04c8-415c-bacc-8f409266cde2
Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com>
---
 run_profiler_backend.py | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/run_profiler_backend.py b/run_profiler_backend.py
index 4d556af..5a2358e 100644
--- a/run_profiler_backend.py
+++ b/run_profiler_backend.py
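Review bot: With `BACKEND_PROFILER_ALLOW_REMOTE` set, the `if allow_remote:` branch of `_resolve_profiler_host` warns only when `requested_ip.is_unspecified`; a specific routable address is returned with no log line, so an exposed profiler leaves no trace at startup. Warn for every non-loopback bind by adding `else: logger.warning("[WARN] profiler backend is binding to non-loopback host=%s", requested_host)` under the existing check. The function starts above this hunk, and whether the profiler endpoints require authentication is not visible here.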
@@ -39,12 +39,21 @@ def _default_profiler_host() -> str:
 def _resolve_profiler_host() -> str:
 requested_host = (os.getenv("BACKEND_PROFILER_HOST") or _default_profiler_host()).strip()
 allow_remote = (os.getenv("BACKEND_PROFILER_ALLOW_REMOTE", "") or "").strip().lower() in {"1", "true", "yes", "on"}
- if requested_host in {"localhost", "127.0.0.1", "::1"}:
+ if requested_host == "localhost":
+ try:
+ infos = socket.getaddrinfo("localhost", None)
+ if infos and all(ipaddress.ip_address(info[4][0]).is_loopback for info in infos):
+ return requested_host
+ except Exception:
+ pass
+ logger.warning("[WARN] localhost does not resolve to loopback only; fallback to 127.0.0.1")
+ return "127.0.0.1"
+ if requested_host in {"127.0.0.1", "::1"}:
 return requested_host
 try:
 requested_ip = ipaddress.ip_address(requested_host)
 except ValueError:
- logger.warning("[WARN] invalid profiler host=%s; fallback to 127.0.0.1", requested_host)
+ logger.warning("[WARN] hostname profiler host=%s is not allowed; fallback to 127.0.0.1", requested_host)
 return "127.0.0.1"
 if requested_ip.is_loopback:
 return requested_host
From a5263d2f6748a70288c9de83d3ae0471aebd3551 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 11 May 2026 12:49:04 +0000
Subject: [PATCH 4/4] chore: improve profiler host validation diagnostics
Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/320282cc-04c8-415c-bacc-8f409266cde2
Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com>
---
 run_profiler_backend.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/run_profiler_backend.py b/run_profiler_backend.py
index 5a2358e..55c66ab 100644
--- a/run_profiler_backend.py
+++ b/run_profiler_backend.py
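Review bot: The `localhost` branch added to `_resolve_profiler_host` checks one `socket.getaddrinfo` result and then returns the name rather than the address, so `_resolve_bind_port(host, ...)` and `uvicorn.run(app, host=host, ...)` in `main()` each resolve `localhost` again and may get a different answer from the one that was checked. Returning a verified literal closes that gap, e.g. `return infos[0][4][0]` in place of `return requested_host`; that binds a single address family, so confirm clients do not depend on both `127.0.0.1` and `::1`. The separate `if requested_host in {"127.0.0.1", "::1"}` test is redundant with the `requested_ip.is_loopback` check below it.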
@@ -45,14 +45,14 @@ def _resolve_profiler_host() -> str:
 if infos and all(ipaddress.ip_address(info[4][0]).is_loopback for info in infos):
 return requested_host
 except Exception:
- pass
+ logger.warning("[WARN] failed to resolve localhost loopback addresses", exc_info=True)
 logger.warning("[WARN] localhost does not resolve to loopback only; fallback to 127.0.0.1")
 return "127.0.0.1"
 if requested_host in {"127.0.0.1", "::1"}:
 return requested_host
 try:
 requested_ip = ipaddress.ip_address(requested_host)
- except ValueError:
+ except (TypeError, ValueError):
 logger.warning("[WARN] hostname profiler host=%s is not allowed; fallback to 127.0.0.1", requested_host)
 return "127.0.0.1"
 if requested_ip.is_loopback:
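Review bot: After the new `logger.warning(..., exc_info=True)` in the `except Exception:` branch of `_resolve_profiler_host`, control falls through to the next warning, which reports that localhost does not resolve to loopback only even though the lookup itself failed, so the two lines together misstate the cause. Return from the handler with `return "127.0.0.1"` directly after the new log call, and narrow the clause to `except (OSError, ValueError):`, which covers `socket.gaierror` and `ipaddress.ip_address` errors. The added `TypeError` in the second `except` looks unreachable, since `requested_host` is built from `.strip()` and is always a `str`. The function starts and ends outside the hunk.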