Reconsider use of `os` and `glob` modules for local personas search due to security and compatibility


1. There is an added security risk with loading any module matching the glob `.jupyter/personas/*persona*.py`. We should explore whether we can be more secure by default.

2. We are using the `os` and `glob` module to find persona files on the server's local filesystem. This will not work for Jupyter users with a custom/remote `ContentsManager` configured in their Jupyter Server.

_Originally posted by @dlqqq in https://github.com/jupyterlab/jupyter-ai/pull/1443#pullrequestreview-3107045566_
            

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Reconsider use of `os` and `glob` modules for local personas search due to security and compatibility #1448

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Reconsider use of os and glob modules for local personas search due to security and compatibility #1448

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Reconsider use of `os` and `glob` modules for local personas search due to security and compatibility #1448