Skip to content

[BUG] [v0.0.7] sanitize_for_command() uses is_ascii_alphanumeric() which corrupts Unicode file paths, causing hook commands to fail with non-existent paths (hook.rs:16-38) #12853

Description

@CaptnCompile

Bug Report

Project: cortex

Description

In src/cortex-hooks/src/hook.rs, the sanitize_for_command() function uses c.is_ascii_alphanumeric() to determine safe characters. This means all non-ASCII Unicode characters (accented letters, CJK characters, emoji, etc.) are silently replaced with _. When a file path contains Unicode characters, the sanitized path no longer points to the actual file, causing hook commands to fail with a "file not found" error.

Error Message

The hook command fails silently or with a file-not-found error:

error: couldn't read /home/user/caf_/main.rs: No such file or directory

Debug Logs

// sanitize_for_command("/home/user/café/main.rs")
// 'é' is not ASCII alphanumeric -> replaced with '_'
// result = "/home/user/caf_/main.rs"  <- wrong path!

// sanitize_for_command("/home/user/文件.rs")
// '文', '件' are not ASCII -> both replaced with '_'
// result = "/home/user/__.rs"  <- completely wrong path!

// sanitize_for_command("/home/user/naïve/test.py")
// 'ï' is not ASCII -> replaced with '_'
// result = "/home/user/na_ve/test.py"  <- wrong path!

System Information

OS: Linux (Ubuntu)
cortex v0.0.7

Steps to Reproduce

  1. Create a file at a path with Unicode characters, e.g., /home/user/café/main.rs
  2. Register a FileEdited hook with command ["rustfmt", "{file}"]
  3. Trigger the hook with the Unicode file path
  4. Observe that the command runs as rustfmt /home/user/caf_/main.rs (corrupted path)

Expected Behavior

sanitize_for_command() should preserve valid Unicode characters in file paths. Unicode characters are valid in file paths on all modern operating systems and should not be replaced. The function should only strip characters that are genuinely dangerous for command injection (e.g., ;, |, $, backticks, etc.), not all non-ASCII characters.

Actual Behavior

sanitize_for_command() at hook.rs:16-38 uses is_ascii_alphanumeric():

fn sanitize_for_command(input: &str) -> String {
    input.chars().map(|c| {
        if c.is_ascii_alphanumeric()  // <-- only ASCII letters/digits pass
            || c == '/' || c == '\\' || c == '.'
            || c == '-' || c == '_' || c == ':' || c == ' '
        {
            c
        } else {
            '_'  // ALL Unicode chars (é, 文, ï, etc.) become '_'
        }
    }).collect()
}

This corrupts any file path containing Unicode characters, replacing them with underscores and producing a path that does not exist on the filesystem.

Additional Context

The fix should use c.is_alphanumeric() (which includes Unicode letters/digits) instead of c.is_ascii_alphanumeric(), or better yet, only blocklist the specific dangerous characters (;, |, $, backtick, (, ), {, }, <, >, &, !, ?, *, [, ], ", ', \\, newline, null) rather than using an allowlist that excludes all Unicode.

Metadata

Metadata

Assignees

No one assigned

    Labels

    cortexIssues related to CortexLM/cortex repositoryvalidValid issue

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions