Fix code scanning alert no. 41: Uncontrolled data used in path expression (#2171)

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: Killklli

runner.py

@@ -517,8 +517,8 @@ def get_seed():
         file_name = hash
     else:
         return make_response(json.dumps({"error": "error"}), 205)
-    fullpath = path.normpath(path.join("generated_seeds/", str(file_name) + ".json"))
-    if not fullpath.startswith("generated_seeds/") and not fullpath.startswith("generated_seeds\\"):
+    fullpath = path.realpath(path.join("generated_seeds/", str(file_name) + ".json"))
+    if not fullpath.startswith(path.realpath("generated_seeds/")):
         raise Exception("not allowed")
     # Check if the file exists
     if path.isfile(fullpath):