From 6c5fd3be5d4258cdae0be4b1ad0175a3452c0ab2 Mon Sep 17 00:00:00 2001
From: ZePan110
Date: Mon, 15 Dec 2025 16:34:26 +0800
Subject: [PATCH] Potential fix for code scanning alert no. 427: Uncontrolled data used in path expression
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 EdgeCraftRAG/edgecraftrag/utils.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/EdgeCraftRAG/edgecraftrag/utils.py b/EdgeCraftRAG/edgecraftrag/utils.py
index db9a2d56ba..a4b06ebf97 100644
--- a/EdgeCraftRAG/edgecraftrag/utils.py
+++ b/EdgeCraftRAG/edgecraftrag/utils.py
@@ -45,7 +45,14 @@ def get_prompt_template(model_path, prompt_content=None, template_path=None, ena
     if prompt_content is not None:
         template = prompt_content
     elif template_path is not None:
-        template = Path(template_path).read_text(encoding=None)
+        # Safely load the template only if it is inside /templates (or other safe root)
+        safe_root = "/templates"
+        normalized_path = os.path.normpath(os.path.join(safe_root, template_path))
+        if not normalized_path.startswith(safe_root):
+            raise ValueError("Template path is outside of the allowed directory.")
+        if not os.path.exists(normalized_path):
+            raise FileNotFoundError("Template file does not exist.")
+        template = Path(normalized_path).read_text(encoding=None)
     else:
         template = DEFAULT_TEMPLATE
     tokenizer = AutoTokenizer.from_pretrained(model_path)
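Review bot: The containment check `if not normalized_path.startswith(safe_root):` is a plain string-prefix test, so a `template_path` of `../templates-old/x` (normalizing to `/templates-old/x`) or an absolute `/templatesXYZ/x` (which `os.path.join` lets replace the root entirely) still starts with `/templates` and passes, leaving the traversal the commit intends to close only partially closed. Compare path components instead, e.g. `if os.path.commonpath([safe_root, normalized_path]) != safe_root:` (or `Path(normalized_path).is_relative_to(safe_root)`), and note that `normpath` does not resolve symlinks, so a link planted under `/templates` can still point outside it unless `os.path.realpath` is used on both sides. The new block also changes the function's contract in a way callers may not expect: a `template_path` that previously worked as a cwd-relative or absolute path is now re-rooted under a hard-coded `/templates` and a path like `./templates/foo.txt` becomes `/templates/templates/foo.txt`, which is worth stating in the comment (`# template_path is interpreted relative to the allow-listed root, never as an absolute path`) and probably making the root configurable rather than a literal. I cannot see the top of `utils.py` in this hunk, so confirm `os` is actually imported there; `get_prompt_template` starts before and continues after the hunk.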