Skip to content

fix[notask]: validate modelDir path in TTS benchmark server to prevent traversal#1103

Merged
sharmaraju352 merged 2 commits into
mainfrom
fix/tts-benchmark-modeldir-path-validation
Mar 24, 2026
Merged

fix[notask]: validate modelDir path in TTS benchmark server to prevent traversal#1103
sharmaraju352 merged 2 commits into
mainfrom
fix/tts-benchmark-modeldir-path-validation

Conversation

@sharmaraju352

@sharmaraju352 sharmaraju352 commented Mar 24, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Validate that modelDir resolves within BENCHMARKS_DIR or SHARED_DATA_DIR in both runChatterboxTTS and runSupertonicTTS to prevent directory traversal

How was it tested?

  • Unit tests (before & after): 21/21 pass, 63/63 assertions

Made with Cursor

fix[notask]: validate modelDir path in TTS benchmark server to preven…
409e8d4 
…t traversal

Both runChatterboxTTS and runSupertonicTTS accepted arbitrary absolute
paths for modelDir, allowing directory enumeration outside the benchmark
directory. Validate that resolved modelDir is within BENCHMARKS_DIR or
SHARED_DATA_DIR before proceeding.

Made-with: Cursor
@sharmaraju352 sharmaraju352 requested review from a team as code owners March 24, 2026 07:39
@github-actions

github-actions Bot commented Mar 24, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Tier-based Approval Status

**PR Tier:** TIER1

**Current Status:** ✅ APPROVED

**Requirements:**
- 1 Team Member approval ✅ (1/1)
- 1 Team Lead OR Management approval ✅ (1/1)



---
*This comment is automatically updated when reviews change.*

@sharmaraju352

sharmaraju352 commented Mar 24, 2026

Copy link
Copy Markdown
Contributor Author

/review

@sharmaraju352 sharmaraju352 merged commit fcee1ef into main Mar 24, 2026
16 of 17 checks passed
@sharmaraju352 sharmaraju352 deleted the fix/tts-benchmark-modeldir-path-validation branch March 24, 2026 13:34
@sharmaraju352 sharmaraju352 mentioned this pull request Mar 25, 2026
Merged
Proletter pushed a commit that referenced this pull request May 24, 2026
@sharmaraju352
fix[notask]: validate modelDir path in TTS benchmark server to preven…
3a6bbbe 
…t traversal (#1103)

Both runChatterboxTTS and runSupertonicTTS accepted arbitrary absolute
paths for modelDir, allowing directory enumeration outside the benchmark
directory. Validate that resolved modelDir is within BENCHMARKS_DIR or
SHARED_DATA_DIR before proceeding.

Made-with: Cursor

Co-authored-by: Raju <raju.sharma>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ishanvohra2 ishanvohra2 ishanvohra2 approved these changes

@GustavoA1604 GustavoA1604 GustavoA1604 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sharmaraju352 @ishanvohra2 @GustavoA1604