fix(security): [2.1] Fix PATH variable security issue in model detector

KariHall619 · KariHall619 · commit c57c1a3adc60 · 2025-09-29T00:06:45.000+08:00
- Replace exec.CommandContext with 'which' command that relies on PATH variable
- Use fixed, secure paths to check for llama binary in common installation directories
- Only check predefined, unwriteable system directories: /usr/local/bin, /usr/bin, /opt/homebrew/bin, /opt/local/bin
- Remove dependency on os/exec package to eliminate PATH-based security risks
- Add binary_path metadata to track which secure path was used
- Fix test compilation error by using detector variable

Task: 2.1 - Fix PATH variable security vulnerability
Phase: Security
diff --git a/pkg/testing/model_detector.go b/pkg/testing/model_detector.go
@@ -22,7 +22,6 @@ import (
 	"fmt"
 	"net/http"
 	"os"
-	"os/exec"
 	"strings"
 	"time"
 )
@@ -132,17 +131,28 @@ func (d *ModelDetector) detectOllamaModels(ctx context.Context) ([]DetectedModel
 func (d *ModelDetector) detectLocalModels(ctx context.Context) ([]DetectedModel, error) {
 	var models []DetectedModel
 
-	// Check for llama.cpp models
-	if output, err := exec.CommandContext(ctx, "which", "llama").Output(); err == nil && len(output) > 0 {
-		// Try to list models if llama CLI is available
-		// This is a placeholder - actual implementation depends on the local setup
-		models = append(models, DetectedModel{
-			Name:     "llama-local",
-			Provider: "llama.cpp",
-			Metadata: map[string]string{
-				"type": "local",
-			},
-		})
+	// Check for llama.cpp models in common installation directories
+	// Use fixed, secure paths instead of relying on PATH variable
+	llamaPaths := []string{
+		"/usr/local/bin/llama",
+		"/usr/bin/llama",
+		"/opt/homebrew/bin/llama",
+		"/opt/local/bin/llama",
+	}
+
+	for _, llamaPath := range llamaPaths {
+		if _, err := os.Stat(llamaPath); err == nil {
+			// Found llama binary in a secure location
+			models = append(models, DetectedModel{
+				Name:     "llama-local",
+				Provider: "llama.cpp",
+				Metadata: map[string]string{
+					"type":        "local",
+					"binary_path": llamaPath,
+				},
+			})
+			break // Only add once if found
+		}
 	}
 
 	return models, nil
diff --git a/pkg/testing/model_detector_test.go b/pkg/testing/model_detector_test.go
@@ -50,6 +50,7 @@ func TestModelDetector_DetectOllamaModels(t *testing.T) {
 	detector := NewModelDetector()
 	// Note: In real test, we would need to mock the localhost:11434 endpoint
 	// This is just for demonstration
+	_ = detector // Use the detector variable to avoid "declared and not used" error
 }
 
 func TestModelDetector_DetectCloudModels(t *testing.T) {

Original file line number	Diff line number	Diff line change
`@@ -50,6 +50,7 @@ func TestModelDetector_DetectOllamaModels(t *testing.T) {`
`50`	`50`	`detector := NewModelDetector()`
`51`	`51`	`// Note: In real test, we would need to mock the localhost:11434 endpoint`
`52`	`52`	`// This is just for demonstration`
	`53`	`+ _ = detector // Use the detector variable to avoid "declared and not used" error`
`53`	`54`	`}`
`54`	`55`
`55`	`56`	`func TestModelDetector_DetectCloudModels(t *testing.T) {`