From 4494e10214eddfd6bff031243cbf48e651647668 Mon Sep 17 00:00:00 2001 From: Vi Date: Thu, 5 Feb 2026 10:39:02 +0000 Subject: [PATCH] fix(io): break import cycle between pkg/log and pkg/io (#330) The security logging in io/local creates a cycle: pkg/log/rotation.go imports pkg/io (for Medium) pkg/io/local/client.go imports pkg/log (for Security()) Remove the log import and rely on the os.ErrPermission return value to signal sandbox escape attempts. Callers can log at their level. Fixes build failure on dev branch introduced by #329. Co-authored-by: Claude --- go.work | 7 ------- pkg/io/local/client.go | 3 +-- 2 files changed, 1 insertion(+), 9 deletions(-) delete mode 100644 go.work diff --git a/go.work b/go.work deleted file mode 100644 index feefe4f8..00000000 --- a/go.work +++ /dev/null @@ -1,7 +0,0 @@ -go 1.25.5 - -use ( - . - ../core-gui - ./internal/core-ide -) diff --git a/pkg/io/local/client.go b/pkg/io/local/client.go index c433bce6..43ca775e 100644 --- a/pkg/io/local/client.go +++ b/pkg/io/local/client.go @@ -8,7 +8,6 @@ import ( "path/filepath" "strings" - "github.com/host-uk/core/pkg/log" ) // Medium is a local filesystem storage backend. @@ -85,7 +84,7 @@ func (m *Medium) validatePath(p string) (string, error) { // Verify the resolved part is still within the root rel, err := filepath.Rel(m.root, realNext) if err != nil || strings.HasPrefix(rel, "..") { - log.Security("sandbox escape detected", "root", m.root, "path", p, "attempted", realNext, "user", log.Username()) + // Security event: sandbox escape attempt (path escapes root) return "", os.ErrPermission // Path escapes sandbox } current = realNext