APEX/BrowserUse_and_ComputerUse_skills
5
0
Fork 0
Code Issues 6 Pull requests 1 Projects 1 Releases Packages Wiki Activity Actions

refactor: use Path.is_relative_to() for skill_view boundary check

Browse source 
Replace the string-based startswith + os.sep approach with
Path.is_relative_to() (Python 3.9+, we require 3.10+). This is
the idiomatic pathlib way to check path containment — it handles
separators, case sensitivity, and the equal-path case natively
without string manipulation.

Simplified tests to match: removed the now-unnecessary
test_separator_is_os_native test since is_relative_to doesn't
depend on separator choice.
This commit is contained in:
teknium1 2026-03-04 05:30:43 -08:00
parent 7796ac1411
commit 79871c2083
2 changed files with 7 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

2
tools/skills_tool.py
View file

@ -458,7 +458,7 @@ def skill_view(name: str, file_path: str = None, task_id: str = None) -> str:
try:
resolved = target_file.resolve()
skill_dir_resolved = skill_dir.resolve()
if not str(resolved).startswith(str(skill_dir_resolved) + os.sep) and resolved != skill_dir_resolved:
if not resolved.is_relative_to(skill_dir_resolved):
return json.dumps({
"success": False,
"error": "Path escapes skill directory boundary.",