Description
Found during deep review of context fetching
1. Path traversal via custom context file patterns (MEDIUM-HIGH)
`src/core/context.rs`, lines 140-167:
```rust
let pattern_path = if Path::new(pattern).is_absolute() {
    pattern.clone()
} else {
    base_path.join(pattern).to_string_lossy().to_string()
};
if let Ok(entries) = glob(&pattern_path) { ... }
```
Patterns come from `config.custom_context[].files` in `.diffscope.toml`. In server/webhook mode, this config is loaded from the repository being reviewed. A malicious PR could add:
```toml
[[custom_context]]
files = ["../../../etc/passwd", "/etc/shadow"]
```
The server would read these files and include them in the LLM prompt, exfiltrating secrets from the host.
Fix: Canonicalize paths and reject anything outside the repo root.
2. Unbounded file reads (context.rs:348-356)
`read_file_lossy` reads entire files with no size limit. A 1GB generated file referenced in a diff would be loaded fully into memory. The fallback path allocates both raw bytes AND the converted string.
Fix: Add a max file size check (e.g., 1MB) before reading.
3. MAX_CONTEXT_CHARS is per-chunk, not total budget
Each context chunk is truncated to 8000 chars individually. No limit on total chunks or total chars at the fetching level. Hundreds of files read before downstream trimming.
Acceptance
- Custom context paths validated against repo root (no `..` escape)
- Absolute paths rejected in server mode
- File size check before read (max 1MB)
- Total context budget enforced at fetch time
🤖 Generated with Claude Code
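
One way to implement the path and size checks listed under Acceptance, as an added example that is not part of the original issue or diffscope's own code. `check_context_path`, `MAX_CONTEXT_FILE_BYTES` and the `server_mode` flag are assumed names; the function is meant to be applied to every glob match before the file is read.

```rust
// Added example (not diffscope's code): vet one custom-context path before reading it.
use std::fs;
use std::path::{Component, Path, PathBuf};

/// Assumed limit: the 1MB figure suggested in the issue.
pub const MAX_CONTEXT_FILE_BYTES: u64 = 1024 * 1024;

/// Hypothetical helper: returns the canonical path when `candidate` (a pattern
/// or a glob match) stays inside `repo_root` and is small enough to read.
pub fn check_context_path(
    repo_root: &Path,
    candidate: &str,
    server_mode: bool,
) -> Result<PathBuf, String> {
    let rel = Path::new(candidate);
    // Config loaded from the reviewed repository must not name absolute paths.
    if server_mode && rel.is_absolute() {
        return Err(format!("absolute path rejected: {}", candidate));
    }
    // Lexical check: refuse `..` before touching the filesystem.
    if rel.components().any(|c| matches!(c, Component::ParentDir)) {
        return Err(format!("parent-directory component rejected: {}", candidate));
    }
    // canonicalize() resolves symlinks, so a link inside the repo that points
    // outside it is caught by the containment check below.
    let root = repo_root.canonicalize().map_err(|e| format!("repo root: {}", e))?;
    let resolved = root.join(rel).canonicalize().map_err(|e| format!("{}: {}", candidate, e))?;
    // Path::starts_with compares whole components, so /repo-evil is not "inside" /repo.
    if !resolved.starts_with(&root) {
        return Err(format!("escapes repo root: {}", candidate));
    }
    // Size comes from metadata, before any bytes are loaded into memory.
    let meta = fs::metadata(&resolved).map_err(|e| format!("{}: {}", candidate, e))?;
    if !meta.is_file() {
        return Err(format!("not a regular file: {}", candidate));
    }
    if meta.len() > MAX_CONTEXT_FILE_BYTES {
        return Err(format!("too large ({} bytes): {}", meta.len(), candidate));
    }
    Ok(resolved)
}

fn main() {
    // The two patterns quoted in the issue, checked against the current directory.
    for p in &["../../../etc/passwd", "/etc/shadow"] {
        println!("{} -> {:?}", p, check_context_path(Path::new("."), p, true));
    }
}
```

The total context budget from the last acceptance item is not covered here; it needs a running counter in the fetch loop rather than a per-path check.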