Summary
LocalProvider.fetch() resolves the source argument directly to Path(target) and scans any directory or ZIP file on the host filesystem. When the /api/analyze endpoint is connected to the pipeline (currently returns not_implemented), an authenticated user could pass source=/etc or source=../../secrets to read arbitrary files.
Category
Security
Severity
Medium
Location
- File:
src/medcheck/providers/local.py
- Lines: 23–34 (
fetch() method)
Details
The ZIP-traversal check in _scan_zip() is correctly implemented. The gap is in the directory path branch: Path(target).is_dir() accepts any absolute or relative path. There is no sandboxing to a safe base directory.
Current mitigations (lower severity):
/api/analyze currently returns {"status": "not_implemented"} — the code is never reached
- Server defaults to
127.0.0.1 (localhost-only) and supports API key auth
- Operators must explicitly set
MEDCHECK_HOST=0.0.0.0 to expose over the network
Suggested Fix
Before connecting the analyze pipeline to the web endpoint, add a sandbox check:
import os
SAFE_BASE = Path(os.environ.get("MEDCHECK_DATA_DIR", "/data/dicom"))
def _sandbox(path: Path) -> Path:
resolved = path.resolve()
if not str(resolved).startswith(str(SAFE_BASE.resolve())):
raise ValueError(f"Path outside allowed data directory: {path}")
return resolved
And in fetch():
target_path = self._sandbox(Path(target))
Effort Estimate
15 min
Automated finding by repo-health-agent v1.0
Summary
LocalProvider.fetch()resolves thesourceargument directly toPath(target)and scans any directory or ZIP file on the host filesystem. When the/api/analyzeendpoint is connected to the pipeline (currently returnsnot_implemented), an authenticated user could passsource=/etcorsource=../../secretsto read arbitrary files.Category
Security
Severity
Medium
Location
src/medcheck/providers/local.pyfetch()method)Details
The ZIP-traversal check in
_scan_zip()is correctly implemented. The gap is in the directory path branch:Path(target).is_dir()accepts any absolute or relative path. There is no sandboxing to a safe base directory.Current mitigations (lower severity):
/api/analyzecurrently returns{"status": "not_implemented"}— the code is never reached127.0.0.1(localhost-only) and supports API key authMEDCHECK_HOST=0.0.0.0to expose over the networkSuggested Fix
Before connecting the analyze pipeline to the web endpoint, add a sandbox check:
And in
fetch():Effort Estimate
15 min
Automated finding by repo-health-agent v1.0