🛡️ Sentinel: [CRITICAL] Fix Path Traversal in Telemetry #83

Open
heidi-dang wants to merge 1 commit into feat/bootstrap-scaffold from fix/telemetry-path-traversal-8137947365068231499

@heidi-dang
Owner

🚨 Severity: CRITICAL

💡 Vulnerability: Path Traversal in Telemetry module.
The `get_run_dir` function was using raw `run_id` input (from environment variables or CLI) to construct paths, allowing an attacker to use `..` to escape the intended `runs/` directory. The `_rotate_events_log` function also lacked validation to ensure it was only operating on files within the `runs/` hierarchy.

🎯 Impact:
An attacker could:

  1. Create directories in arbitrary locations (e.g., `init_telemetry(run_id="../../malicious")`).
  2. Rotate or delete files outside the intended directories if the `events_log` path was manipulated.

🔧 Fix:

  1. Hardened `get_run_dir` to use only the `.name` part of the provided `run_id`.
  2. Added a defense-in-depth check in `_rotate_events_log` that resolves the path and verifies it is a child of the `runs/` root.
  3. Added `SECURITY:` docstring sections to highlight these measures.

Verification:

  • Confirmed the vulnerability with a reproduction script that successfully created a directory outside the `runs/` root before the fix.
  • Verified that the fix correctly sanitizes malicious `run_id` strings (e.g., `../../malicious` becomes `malicious`).
  • Verified that `_rotate_events_log` now explicitly blocks and logs attempts to rotate files outside the `runs/` root.
  • All existing telemetry tests pass.
  • Ruff linting checks pass.

PR created automatically by Jules for task 8137947365068231499 started by @heidi-dang

- Hardened `get_run_dir` by using `Path(run_id).name` to sanitize `run_id` and prevent path traversal.
- Added validation in `_rotate_events_log` to ensure the rotation target stays within the `runs/` directory.
- Added security-focused documentation comments.
- Cleaned up whitespace and linting issues in `telemetry.py`.
- Verified fixes with reproduction scripts and existing tests.
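
An added example (not code from this pull request or from `heidi_engine`): the `.name` sanitization and `runs/` containment check described above, run over inputs that include cases where `Path(run_id).name` alone does not help. `safe_run_dir`, `containment_checks` and the temporary `runs` layout are hypothetical names chosen for illustration.

```python
from pathlib import Path


def safe_run_dir(runs_root: Path, run_id: str) -> Path:
    """Map an untrusted run_id to a directory strictly below runs_root."""
    name = Path(run_id).name  # "../../malicious" -> "malicious"
    # .name alone is not sufficient: Path("..").name is ".." and
    # Path(".").name / Path("").name are "", so reject those outright.
    if name in ("", ".", ".."):
        raise ValueError(f"invalid run_id: {run_id!r}")
    root = runs_root.resolve()
    candidate = (root / name).resolve()
    # Strict-child test after resolving: also rejects a symlinked run
    # directory whose real location is outside runs_root.
    if root not in candidate.parents:
        raise ValueError(f"run_id escapes runs root: {run_id!r}")
    return candidate


def containment_checks(runs_root: Path, target: Path) -> tuple:
    """Return (parents_check, relative_to_check) for one resolved pair."""
    root, resolved = runs_root.resolve(), target.resolve()
    by_parents = root in resolved.parents
    try:
        resolved.relative_to(root)
        by_relative_to = True
    except ValueError:
        by_relative_to = False
    return by_parents, by_relative_to


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve() / "runs"  # constructed sample layout
        root.mkdir()
        for run_id in ("run-001", "../../malicious", "..", "a/.."):
            try:
                print(repr(run_id), "->", safe_run_dir(root, run_id))
            except ValueError as exc:
                print(repr(run_id), "rejected:", exc)
        # The two checks differ only when the target is the root itself.
        print(containment_checks(root, root / "run-001" / "events.jsonl"))
        print(containment_checks(root, root))
```
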
@gemini-code-assist

Summary of Changes

Hello @heidi-dang, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a critical path traversal vulnerability within the telemetry module. It hardens path construction by sanitizing user-provided run IDs and implements robust validation to ensure file operations remain confined to designated directories. These changes significantly enhance the system's security posture against malicious file system manipulation.

Highlights

  • Path Traversal Prevention in `get_run_dir`: The `get_run_dir` function now sanitizes the `run_id` input by extracting only the base name, preventing directory traversal attacks.
  • Enhanced Path Validation in `_rotate_events_log`: A defense-in-depth check was added to `_rotate_events_log` to ensure that files being rotated are strictly within the intended `runs/` directory hierarchy, blocking attempts to manipulate files outside this scope.
  • Security Documentation: `SECURITY:` docstring sections were added to `get_run_dir` and `_rotate_events_log` to explicitly highlight the implemented security measures.

Changelog

  • `.jules/sentinel.md`
    • Added a new security learning entry detailing the path traversal vulnerability in telemetry run IDs, its impact, and prevention methods.
  • `heidi_engine/dashboard.py`
    • Adjusted minor whitespace for formatting consistency.
  • `heidi_engine/telemetry.py`
    • Modified `get_run_dir` to use `Path(run_id).name` for sanitization, preventing path traversal.
    • Inserted a `SECURITY:` docstring section in `get_run_dir` to document the new security measures.
    • Introduced a defense-in-depth check in `_rotate_events_log` to resolve and validate that the target file is a child of the `runs/` root directory.
    • Added a `SECURITY:` docstring section in `_rotate_events_log` to explain the path validation.
    • Corrected minor whitespace inconsistencies in `get_state` and `main` functions.

Activity

  • PR created automatically by Jules for task 8137947365068231499 started by @heidi-dang.
  • No human activity (comments, reviews) has occurred on this pull request yet.

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request effectively addresses a critical path traversal vulnerability. The two-pronged fix is excellent: sanitizing user input in `get_run_dir` and adding a defense-in-depth check in `_rotate_events_log`. I have one suggestion to make the path validation in `_rotate_events_log` even more robust and idiomatic.

Comment on lines +1162 to +1164
if runs_root not in resolved_file.parents:
print(f"[ERROR] Security violation: Attempted to rotate file outside runs directory: {resolved_file}", file=sys.stderr)
return

medium

This is a great defense-in-depth check. For improved robustness and to follow a more idiomatic `pathlib` approach, consider replacing the `if` check with `Path.relative_to()`. This method cleanly handles various edge cases (like symlinks or the path being the root itself) by raising a `ValueError` if the path is not a sub-path, which can be caught. This is generally considered more reliable than checking the `parents` attribute.

Suggested change
if runs_root not in resolved_file.parents:
print(f"[ERROR] Security violation: Attempted to rotate file outside runs directory: {resolved_file}", file=sys.stderr)
return
try:
resolved_file.relative_to(runs_root)
except ValueError:
print(f"[ERROR] Security violation: Attempted to rotate file outside runs directory: {resolved_file}", file=sys.stderr)
return
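
Review bot: the replacement `relative_to` check is not equivalent to the `parents` test it removes. `resolved_file.relative_to(runs_root)` succeeds when `resolved_file` equals `runs_root`, whereas `runs_root not in resolved_file.parents` rejects that case, so the suggested form would let the runs root itself through as a rotation target. If the intent is "strictly inside `runs/`", keep the `parents` test or add an explicit rejection of `resolved_file == runs_root` next to the `try`. Symlink handling comes from resolving both paths before the comparison, not from `relative_to`, so either form is only as sound as the assumption that `runs_root` is resolved the same way as `resolved_file`; the lines shown do not include where `runs_root` is computed, and that is worth confirming.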
