fix: add path validation for remaining Python file operations (PT vulnerabilities)

devin-ai-integration[bot] · jakexcosme · devin-ai-integration[bot] · commit 2e887ac7ef41 · 2025-10-21T16:59:49.000Z
- convert_legacy_llama.py: Add file existence check before opening
- inspect-org-model.py: Validate index file before opening
- gguf_new_metadata.py: Validate chat template config and file paths
- convert_image_encoder_to_gguf.py: Validate vocab.json and config.json paths
- glmedge-convert-image-encoder-to-gguf.py: Validate vocab.json and config.json paths
- minicpmv-convert-image-encoder-to-gguf.py: Validate vocab.json path

Addresses remaining Python path traversal vulnerabilities (CWE-23)

Co-Authored-By: Jake Cosme &lt;jake@cognition.ai&gt;
diff --git a/examples/convert_legacy_llama.py b/examples/convert_legacy_llama.py
@@ -679,6 +679,8 @@ def must_read(fp: IO[bytes], length: int) -> bytes:
 
 @functools.lru_cache(maxsize=None)
 def lazy_load_file(path: Path) -> ModelPlus:
+    if not os.path.isfile(path):
+        raise ValueError(f"File does not exist: {path}")
     fp = open(path, 'rb')
     first8 = fp.read(8)
     fp.seek(0)
diff --git a/examples/model-conversion/scripts/utils/inspect-org-model.py b/examples/model-conversion/scripts/utils/inspect-org-model.py
@@ -22,6 +22,9 @@
     # Multi-file model
     print("Multi-file model detected")
 
+    if not os.path.isfile(index_path) or not index_path.endswith('.json'):
+        print(f"Error: Invalid index file: {index_path}")
+        exit(1)
     with open(index_path, 'r') as f:
         index_data = json.load(f)
 
diff --git a/gguf-py/gguf/scripts/gguf_new_metadata.py b/gguf-py/gguf/scripts/gguf_new_metadata.py
@@ -135,13 +135,19 @@ def main() -> None:
         new_metadata[gguf.Keys.Tokenizer.CHAT_TEMPLATE] = MetadataDetails(gguf.GGUFValueType.STRING, json.loads(args.chat_template) if args.chat_template.startswith('[') else args.chat_template)
 
     if args.chat_template_config:
+        if not os.path.isfile(args.chat_template_config) or not str(args.chat_template_config).endswith('.json'):
+            logger.error(f"Invalid chat template config file: {args.chat_template_config}")
+            sys.exit(1)
         with open(args.chat_template_config, 'r', encoding='utf-8') as fp:
             config = json.load(fp)
             template = config.get('chat_template')
             if template:
                 new_metadata[gguf.Keys.Tokenizer.CHAT_TEMPLATE] = MetadataDetails(gguf.GGUFValueType.STRING, template)
 
     if args.chat_template_file:
+        if not os.path.isfile(args.chat_template_file):
+            logger.error(f"Chat template file does not exist: {args.chat_template_file}")
+            sys.exit(1)
         with open(args.chat_template_file, 'r', encoding='utf-8') as fp:
             template = fp.read()
             new_metadata[gguf.Keys.Tokenizer.CHAT_TEMPLATE] = MetadataDetails(gguf.GGUFValueType.STRING, template)
diff --git a/tools/mtmd/legacy-models/convert_image_encoder_to_gguf.py b/tools/mtmd/legacy-models/convert_image_encoder_to_gguf.py
@@ -137,11 +137,19 @@ def bytes_to_unicode():
     vocab = None
     tokens = None
 else:
-    with open(dir_model + "/vocab.json", "r", encoding="utf-8") as f:
+    vocab_path = dir_model + "/vocab.json"
+    if not os.path.isfile(vocab_path):
+        print(f"Error: vocab.json not found at {vocab_path}")
+        sys.exit(1)
+    with open(vocab_path, "r", encoding="utf-8") as f:
         vocab = json.load(f)
         tokens = [key for key in vocab]
 
-with open(dir_model + "/config.json", "r", encoding="utf-8") as f:
+config_path = dir_model + "/config.json"
+if not os.path.isfile(config_path):
+    print(f"Error: config.json not found at {config_path}")
+    sys.exit(1)
+with open(config_path, "r", encoding="utf-8") as f:
     config = json.load(f)
     if args.clip_model_is_vision:
         v_hparams = config
diff --git a/tools/mtmd/legacy-models/glmedge-convert-image-encoder-to-gguf.py b/tools/mtmd/legacy-models/glmedge-convert-image-encoder-to-gguf.py
@@ -124,11 +124,19 @@ def bytes_to_unicode():
     vocab = None
     tokens = None
 else:
-    with open(dir_model + "/vocab.json", "r", encoding="utf-8") as f:
+    vocab_path = dir_model + "/vocab.json"
+    if not os.path.isfile(vocab_path):
+        print(f"Error: vocab.json not found at {vocab_path}")
+        sys.exit(1)
+    with open(vocab_path, "r", encoding="utf-8") as f:
         vocab = json.load(f)
         tokens = [key for key in vocab]
 
-with open(dir_model + "/config.json", "r", encoding="utf-8") as f:
+config_path = dir_model + "/config.json"
+if not os.path.isfile(config_path):
+    print(f"Error: config.json not found at {config_path}")
+    sys.exit(1)
+with open(config_path, "r", encoding="utf-8") as f:
     config = json.load(f)
     if args.clip_model_is_vision:
         v_hparams = config
diff --git a/tools/mtmd/legacy-models/minicpmv-convert-image-encoder-to-gguf.py b/tools/mtmd/legacy-models/minicpmv-convert-image-encoder-to-gguf.py
@@ -542,7 +542,11 @@ def bytes_to_unicode():
     vocab = None
     tokens = None
 else:
-    with open(dir_model + "/vocab.json", "r", encoding="utf-8") as f:
+    vocab_path = dir_model + "/vocab.json"
+    if not os.path.isfile(vocab_path):
+        print(f"Error: vocab.json not found at {vocab_path}")
+        sys.exit(1)
+    with open(vocab_path, "r", encoding="utf-8") as f:
         vocab = json.load(f)
         tokens = [key for key in vocab]
 
