Deal with codeQL alert: Uncontrolled data used in path expression

[diw-zw]

Deal with "Uncontrolled data used in path expression" error reported by CodeQL

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[Copilot]

Pull request overview

Addresses a CodeQL alert (“Uncontrolled data used in path expression”) by tightening path handling in the benchmark dashboard and improving integer parsing safety in a reconciler utility.

Changes:

• Updated the benchmark dashboard server constructor to normalize dataDir to an absolute path and propagate errors.
• Reworked result/image path construction to use a new isSafeRelativePath helper and added additional input checks.
• Improved GetPodComponentID parsing by using strconv.ParseInt with error handling.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 9 comments.

File	Description
pkg/reconciler/roleinstance/utils/instance_utils.go	Switches component ID parsing to ParseInt and adds explicit parse error handling.
cmd/cli/cmd/llm/benchmark/dashboard/main.go	Updates server creation to handle the new NewServer error return.
cmd/cli/cmd/llm/benchmark/dashboard/handlers.go	Introduces absolute dataDir, adds isSafeRelativePath, and refactors result/image path handling and validation.
cmd/cli/cmd/llm/benchmark/dashboard/handlers_test.go	Replaces prior path-safety tests with new tests focused on isSafeRelativePath and NewServer.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

GetPodComponentID returns 0 when parsing the component ID fails. Since 0 is a valid replica index, this can cause collisions in callers (e.g., sets of existing IDs) and lead to incorrect scale/delete decisions when labels/pod names are malformed. Consider returning a sentinel value (e.g., -1) and/or falling back to parsing from pod.Name when the label parse fails, so parse errors don't masquerade as component ID 0.

[Copilot]

The manual strings.Contains(name, "..") checks reject any name containing consecutive dots (e.g., exp..v2), while isValidName only rejects ".." as the whole name and otherwise permits dots. This creates inconsistent validation behavior between endpoints and helpers. Consider centralizing validation in isValidName/isSafeRelativePath and making the rules consistent (either allow .. inside names or explicitly disallow it in isValidName and update tests/docs).

Suggested change

	if strings.Contains(experimentName, "/") || strings.Contains(experimentName, "\\") || strings.Contains(experimentName, "..") {
	s.writeError(w, http.StatusBadRequest, fmt.Sprintf("Invalid file name: %s", experimentName))
	return
	}
	if strings.Contains(fileName, "/") || strings.Contains(fileName, "\\") || strings.Contains(fileName, "..") {
	// Reject explicit path separators in single path components and rely on
	// isSafeRelativePath for centralized traversal-safe validation.
	if strings.Contains(experimentName, "/") || strings.Contains(experimentName, "\\") {
	s.writeError(w, http.StatusBadRequest, fmt.Sprintf("Invalid file name: %s", experimentName))
	return
	}
	if strings.Contains(fileName, "/") || strings.Contains(fileName, "\\") {

[diw-zw]

Addresses CodeQL warning: "Uncontrolled data used in path expression".

We should enforce validation to prevent users from creating files with .. in their names.

[cheyang]

/lgtm
/approve