actually resolve file path properly to address codeql alert

Author: msukkari

packages/web/src/features/agents/review-agent/lib.ts

@@ -5,5 +5,9 @@ import fs from "fs";
 export const REVIEW_AGENT_LOG_DIR = env.DATA_CACHE_DIR + "/review-agent";
 
 export const appendReviewAgentLog = (logFileName: string, log: string): void => {
-    fs.appendFileSync(path.join(REVIEW_AGENT_LOG_DIR, logFileName), log);
+    const resolvedPath = path.resolve(REVIEW_AGENT_LOG_DIR, logFileName);
+    if (!resolvedPath.startsWith(path.resolve(REVIEW_AGENT_LOG_DIR) + path.sep)) {
+        throw new Error(`Invalid log file path: ${logFileName}`);
+    }
+    fs.appendFileSync(resolvedPath, log);
 };