Skip to content

fix: redact directory path validation errors#6427

Open
hiSandog wants to merge 1 commit into
crewAIInc:mainfrom
hiSandog:fix/crewai-small-cleanup-20260702
Open

fix: redact directory path validation errors#6427
hiSandog wants to merge 1 commit into
crewAIInc:mainfrom
hiSandog:fix/crewai-small-cleanup-20260702

Conversation

@hiSandog

@hiSandog hiSandog commented Jul 2, 2026

Copy link
Copy Markdown

Summary

  • Avoid exposing absolute base paths when directory validation receives a file path.
  • Add regression coverage for the redacted directory validation error.

Validation

  • git diff --check
  • uv run --project /Users/sandog/sandog/code/kaiyuan-space/crewAI --no-sync pytest -p no:cacheprovider work/crewai_safe_path_test.py

Note: attempted the repository test path with uv, but the full environment sync was still running after several minutes. Running the repo test with --no-sync loads the repository conftest, which requires dotenv in this local environment.

@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: ce6be1bd-78f1-4d20-b2af-13d36d9b8101

📥 Commits

Reviewing files that changed from the base of the PR and between 559a9c6 and f45260e.

📒 Files selected for processing (2)
  • lib/crewai-tools/src/crewai_tools/security/safe_path.py
  • lib/crewai-tools/tests/utilities/test_safe_path.py

📝 Walkthrough

Walkthrough

The error message raised by validate_directory_path when a non-directory path is provided now uses a sanitized display path instead of the raw validated path, preventing base directory exposure. A corresponding unit test was added to verify this behavior.

Changes

Path leak fix

Layer / File(s) Summary
Sanitized error message and test
lib/crewai-tools/src/crewai_tools/security/safe_path.py, lib/crewai-tools/tests/utilities/test_safe_path.py
validate_directory_path now raises ValueError with a display-formatted path via format_path_for_display(validated, base_dir) instead of the raw path; a new test verifies the error message contains only the filename, not the base directory.

Compact metadata: 2 files changed (+13/-1 lines) across source and test files.

Related issues: None specified.

Related PRs: None specified.

Suggested labels: security, bug-fix, tests

Suggested reviewers: None specified.

🐰 A tiny hop through paths so sly,
No base directory now slips by,
Just filenames shown, clean and neat,
A safer message, small but sweet.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately summarizes the main change: redacting directory path validation errors.
Description check ✅ Passed The description is clearly related to the changeset and matches the added redaction fix and regression test.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant