[Repo Assist] fix(canvas): skip GetFinalPathFromHandle containment check on non-Windows#264
Merged
shanselman merged 1 commit intomasterfrom May 5, 2026
Conversation
…dows
GetFinalPathFromHandle calls the Win32 GetFinalPathNameByHandle API, which
is not available on non-Windows platforms. The method already guards this
correctly by returning string.Empty when not on Windows (line 440-441).
However the call site unconditionally passed that empty string into
IsPathWithinRoot, which resolves it via Path.GetFullPath("") — producing
the current working directory — then checked whether CWD falls inside the
temp root. On Linux CI runners (CWD = /home/runner/work/...) this always
fails, throwing "jsonlPath must resolve within the system temp directory"
before any content is read, causing two tests to fail on every non-Windows
run:
- CanvasCapabilityTests.A2UIPush_WithJsonlPath_ReadsFile
- A2UICapabilitySecurityTests.A2UIPush_FileJsonl_OverCap_ReturnsError
Fix: only perform the handle-resolved-path containment check when
GetFinalPathFromHandle returns a non-empty string. On non-Windows the
earlier symlink-resolution check (lines 379-404) already provides the
equivalent security guarantee using cross-platform .NET APIs.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This was referenced May 4, 2026
shanselman
deleted the
repo-assist/fix-canvas-jsonl-linux-2026-05-03-899c253f0d54645f
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🤖 This is an automated pull request from Repo Assist.
Summary
Fixes two pre-existing test failures that occurred on every non-Windows CI run:
CanvasCapabilityTests.A2UIPush_WithJsonlPath_ReadsFileA2UICapabilitySecurityTests.A2UIPush_FileJsonl_OverCap_ReturnsErrorRoot cause
GetFinalPathFromHandlecalls the Win32GetFinalPathNameByHandleAPI and already guards non-Windows correctly by returningstring.Empty(line 440–441):However the call site unconditionally passed that empty string into
IsPathWithinRoot, which resolves it viaPath.GetFullPath("")— producing the current working directory — then checked whether CWD falls insidetempRoot. On Linux CI (CWD =/home/runner/work/...), this always evaluated tofalse, throwing"jsonlPath must resolve within the system temp directory"before any content was read.Fix
One-line guard: only perform the handle-resolved-path containment check when
GetFinalPathFromHandlereturns a non-empty string.On non-Windows the earlier symlink-resolution check (lines 379–404, using cross-platform
FileInfo.ResolveLinkTarget) already provides the equivalent security guarantee.Security impact
None. The Windows handle-path guard defends against a race where a symlink is swapped between the
FileInfocheck and theFileStreamopen. On Linux:FileInfo.ResolveLinkTargetcheck (lines 379–404) detects symlinks pointing outside temp before the file is opened.Test Status
OpenClaw.Shared.TestsOpenClaw.Tray.Tests./build.ps1was not run (Linux environment); the fix is a one-line guard in anet10.0cross-platform library with no platform-specific build requirements.