Problem
When asset_root is set to a directory other than the process CWD, a path-space mismatch occurs:
- Asset handlers (audio/images/fonts/plugins) now store and serve files from <asset_root>/samples/...
- The API returns logical paths like samples/audio/user/clip.opus
- Downstream file-reader validation in file_security.rs (lines 29–44) resolves those logical paths against the process working directory, not asset_root
This means that if asset_root != CWD, selecting a returned asset path in a pipeline would either fail validation or read a stale file from <cwd>/samples/....
Current Impact
None in production. The asset_root field is hidden from the config schema (#[schemars(skip)]) and defaults to current_dir() when unset. It was introduced in #520 purely for test isolation (replacing figment::Jail CWD mutation with TempDir).
Fix needed if asset_root is ever promoted to user-facing config
file_security.rs path resolution and any other downstream consumers of samples/... paths would need to resolve against asset_root instead of (or in addition to) CWD.
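The mismatch and the fix direction described above, as an added example (not the project's file_security.rs code). `resolve_under` and `demo` are hypothetical names, and the process CWD is simulated by passing a base directory explicitly, using constructed files in a temp directory.

```rust
use std::path::{Component, Path, PathBuf};
use std::{env, fs, io, process};

/// Resolve a logical asset path (e.g. "samples/audio/user/clip.opus") against
/// `base` and confirm the canonical result stays inside `<base>/samples`.
pub fn resolve_under(base: &Path, logical: &str) -> io::Result<PathBuf> {
    let rel = Path::new(logical);
    // Reject absolute paths and `..` segments before touching the filesystem.
    if rel.components().any(|c| !matches!(c, Component::Normal(_) | Component::CurDir)) {
        return Err(io::Error::new(io::ErrorKind::InvalidInput, "not a plain relative path"));
    }
    let allowed = base.join("samples").canonicalize()?;
    // canonicalize() follows symlinks and fails if the file does not exist.
    let full = base.join(rel).canonicalize()?;
    if !full.starts_with(&allowed) {
        return Err(io::Error::new(io::ErrorKind::PermissionDenied, "escapes samples dir"));
    }
    Ok(full)
}

/// Constructed scenario: a "cwd" tree holding an old copy of the asset and a
/// separate "asset_root" tree holding the copy the asset handlers wrote.
/// Returns (content read via cwd, content read via asset_root,
///          whether an asset_root-only file fails validation via cwd).
pub fn demo() -> io::Result<(String, String, bool)> {
    let tmp = env::temp_dir().join(format!("asset_root_demo_{}", process::id()));
    let _ = fs::remove_dir_all(&tmp);
    let (cwd, root) = (tmp.join("cwd"), tmp.join("asset_root"));
    let logical = "samples/audio/user/clip.opus";
    for (dir, body) in [(&cwd, "stale"), (&root, "fresh")] {
        fs::create_dir_all(dir.join("samples/audio/user"))?;
        fs::write(dir.join(logical), body)?;
    }
    fs::write(root.join("samples/audio/user/new.opus"), "new")?;

    // Resolving against CWD passes validation but reads the stale copy.
    let via_cwd = fs::read_to_string(resolve_under(&cwd, logical)?)?;
    // Resolving against asset_root reads what the handler actually stored.
    let via_root = fs::read_to_string(resolve_under(&root, logical)?)?;
    // A file that exists only under asset_root fails validation against CWD.
    let fails_in_cwd = resolve_under(&cwd, "samples/audio/user/new.opus").is_err();
    fs::remove_dir_all(&tmp)?;
    Ok((via_cwd, via_root, fails_in_cwd))
}

fn main() -> io::Result<()> {
    println!("{:?}", demo()?);
    Ok(())
}
```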
Related