You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add null/empty parameter validation across file services
Improve code formatting and error handling
Fix path error handling in file operations
Diagram Walkthrough
flowchart LR
A["Input Parameters"] --> B["Validation Check"]
B --> C["File Operations"]
C --> D["Message Processing"]
D --> E["Reset Wrapper"]
E --> F["Clean Output"]
Early returns and additional guards now skip processing when inputs (e.g., messageIds elements) are null/whitespace or directories/files are missing. Verify callers rely on this silent skipping and that no required files are skipped due to trimming/whitespace or case sensitivity in file names.
Clearing message.AdditionalMessageWrapper is intended to prevent leakage; confirm no downstream logic expects this wrapper after invocation or assistant response, and that partial streaming paths also reset it consistently.
response.FunctionName=response.FunctionName.Split("/").Last();}message.ToolCallId=response.ToolCallId;message.FunctionName=response.FunctionName;message.FunctionArgs=response.FunctionArgs;message.Indication=response.Indication;message.CurrentAgentId=agent.Id;message.IsStreaming=response.IsStreaming;message.AdditionalMessageWrapper=null;awaitInvokeFunction(message,dialogs,options);}else{// Handle output routing exception.if(agent.Type==AgentType.Routing){// Forgot about what situation needs to handle in this wayresponse.Content="Apologies, I'm not quite sure I understand. Could you please provide additional clarification or context?";}message=RoleDialogModel.From(message,role:AgentRole.Assistant,content:response.Content);message.CurrentAgentId=agent.Id;message.IsStreaming=response.IsStreaming;message.AdditionalMessageWrapper=null;dialogs.Add(message);Context.SetDialogs(dialogs);
The new RoleDialogModel constructor call sets role/content directly. Ensure other required fields (e.g., locale, metadata) are not implicitly initialized before and now omitted, and that MessageId reuse is intentional.
Many file operations directly combine user-controlled identifiers (conversationId, messageId, source, index) into paths without normalization or sandbox checks, enabling potential path traversal and unintended deletions/reads. Introduce a centralized path builder that validates inputs (rejects invalid chars, absolute paths, and ".."), normalizes with Path.GetFullPath, and enforces containment under the configured base directory before any IO. Apply it consistently across all Save/Get/Delete methods (local and cloud providers) to prevent cross-tenant leakage and destructive deletes.
publicstringGetMessageFile(stringconversationId,stringmessageId,stringsource,stringindex,stringfileName){// User-controlled inputs are directly used to build a path.// A malicious 'conversationId' like "../sensitive_data" could escape the intended directory.vardir=Path.Combine(_baseDir,CONVERSATION_FOLDER,conversationId,FILE_FOLDER,messageId,source,index);if(!ExistDirectory(dir)){returnstring.Empty;}varfound=Directory.GetFiles(dir).FirstOrDefault(...);returnfound;}publicboolDeleteConversationFiles(IEnumerable<string>conversationIds){foreach(varconversationIdinconversationIds){// A malicious 'conversationId' could lead to deleting unintended directories.varconvDir=Path.Combine(_baseDir,CONVERSATION_FOLDER,conversationId);DeleteDirectory(convDir);}returntrue;}
After:
// In a new centralized path utilitypublicstaticstringBuildSanitizedPath(stringbaseDir,paramsstring[]pathSegments){foreach(varsegmentinpathSegments){if(segment.Contains("..")||Path.IsPathRooted(segment)){thrownewArgumentException("Invalid path segment detected.");}}varfullPath=Path.GetFullPath(Path.Combine(baseDir,Path.Combine(pathSegments)));if(!fullPath.StartsWith(Path.GetFullPath(baseDir))){thrownewSecurityException("Path traversal attempt detected.");}returnfullPath;}// In LocalFileStorageServicepublicstringGetMessageFile(stringconversationId,stringmessageId, ...){// All path construction now goes through the centralized, secure builder.vardir=PathUtility.BuildSanitizedPath(_baseDir,CONVERSATION_FOLDER,conversationId, ...);// ...}
Suggestion importance[1-10]: 10
__
Why: The suggestion correctly identifies a critical path traversal security vulnerability in the file handling logic, which the PR's changes overlook, and proposes a robust, centralized solution.
High
Possible issue
Guard against empty message IDs
Skip empty messageId entries before building paths to prevent deleting unintended directories or throwing on null path segments. This mirrors the validation pattern used elsewhere in this file.
foreach (var messageId in messageIds)
{
+ if (string.IsNullOrWhiteSpace(messageId))+ {+ continue;+ }+
var dir = GetConversationFileDirectory(conversationId, messageId);
if (!ExistDirectory(dir))
{
continue;
}
DeleteDirectory(dir);
Thread.Sleep(100);
}
Apply / Chat
Suggestion importance[1-10]: 8
__
Why: The suggestion correctly points out a missing null/whitespace check for messageId within the loop, which is a pattern applied to other methods in this PR. This change prevents potential exceptions and makes the DeleteMessageFiles method more robust and consistent.
Medium
Skip invalid conversation IDs
Add a per-item check to skip null/whitespace conversationId values to avoid passing invalid inputs into path builders. This prevents potential exceptions and accidental deletions.
foreach (var conversationId in conversationIds)
{
+ if (string.IsNullOrWhiteSpace(conversationId))+ {+ continue;+ }+
var convDir = GetConversationDirectory(conversationId);
if (!ExistDirectory(convDir))
{
continue;
}
DeleteDirectory(convDir);
}
return true;
Apply / Chat
Suggestion importance[1-10]: 8
__
Why: This suggestion correctly identifies that conversationId is not validated inside the loop, which could lead to an exception if a null or empty value is present in conversationIds. Adding this check improves robustness and aligns with the defensive coding style used elsewhere in the PR.
Medium
Validate the source parameter
Validate the source parameter before using it in Path.Combine to avoid an ArgumentNullException. If source is null or whitespace, return early like other guards. This keeps behavior consistent with the rest of the validations added in this PR.
public IEnumerable<MessageFileModel> GetMessageFiles(string conversationId, IEnumerable<string> messageIds,
string source, IEnumerable<string>? contentTypes = null)
{
var files = new List<MessageFileModel>();
- if (string.IsNullOrWhiteSpace(conversationId) || messageIds.IsNullOrEmpty())+ if (string.IsNullOrWhiteSpace(conversationId) || messageIds.IsNullOrEmpty() || string.IsNullOrWhiteSpace(source))
{
return files;
}
[To ensure code accuracy, apply this suggestion manually]
Suggestion importance[1-10]: 7
__
Why: The suggestion correctly identifies that the source parameter is used in Path.Combine without validation, which could cause an ArgumentNullException. Adding this check improves the method's robustness and aligns with the PR's goal of adding comprehensive validation.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
PR Type
Bug fix, Enhancement
Description
Reset message wrapper to prevent data leakage
Add null/empty parameter validation across file services
Improve code formatting and error handling
Fix path error handling in file operations
Diagram Walkthrough
File Walkthrough
LocalFileStorageService.Audio.cs
Add parameter validation to audio file servicesrc/Infrastructure/BotSharp.Core/Files/Services/Storage/LocalFileStorageService.Audio.cs
LocalFileStorageService.Conversation.cs
Add parameter validation and improve formattingsrc/Infrastructure/BotSharp.Core/Files/Services/Storage/LocalFileStorageService.Conversation.cs
values
RoutingService.InvokeAgent.cs
Reset message wrapper to prevent data leakagesrc/Infrastructure/BotSharp.Core/Routing/RoutingService.InvokeAgent.cs
PlotChartFn.cs
Simplify RoleDialogModel constructor usagesrc/Plugins/BotSharp.Plugin.ChartHandler/Functions/PlotChartFn.cs