Bug Report
Project: cortex
Description
In src/cortex-hooks/src/hook.rs, the sanitize_for_command() function uses c.is_ascii_alphanumeric() to determine safe characters. This means all non-ASCII Unicode characters (accented letters, CJK characters, emoji, etc.) are silently replaced with _. When a file path contains Unicode characters, the sanitized path no longer points to the actual file, causing hook commands to fail with a "file not found" error.
Error Message
The hook command fails silently or with a file-not-found error:
error: couldn't read /home/user/caf_/main.rs: No such file or directory
Debug Logs
// sanitize_for_command("/home/user/café/main.rs")
// 'é' is not ASCII alphanumeric -> replaced with '_'
// result = "/home/user/caf_/main.rs" <- wrong path!
// sanitize_for_command("/home/user/文件.rs")
// '文', '件' are not ASCII -> both replaced with '_'
// result = "/home/user/__.rs" <- completely wrong path!
// sanitize_for_command("/home/user/naïve/test.py")
// 'ï' is not ASCII -> replaced with '_'
// result = "/home/user/na_ve/test.py" <- wrong path!
System Information
OS: Linux (Ubuntu)
cortex v0.0.7
Steps to Reproduce
- Create a file at a path with Unicode characters, e.g.,
/home/user/café/main.rs
- Register a
FileEdited hook with command ["rustfmt", "{file}"]
- Trigger the hook with the Unicode file path
- Observe that the command runs as
rustfmt /home/user/caf_/main.rs (corrupted path)
Expected Behavior
sanitize_for_command() should preserve valid Unicode characters in file paths. Unicode characters are valid in file paths on all modern operating systems and should not be replaced. The function should only strip characters that are genuinely dangerous for command injection (e.g., ;, |, $, backticks, etc.), not all non-ASCII characters.
Actual Behavior
sanitize_for_command() at hook.rs:16-38 uses is_ascii_alphanumeric():
fn sanitize_for_command(input: &str) -> String {
input.chars().map(|c| {
if c.is_ascii_alphanumeric() // <-- only ASCII letters/digits pass
|| c == '/' || c == '\\' || c == '.'
|| c == '-' || c == '_' || c == ':' || c == ' '
{
c
} else {
'_' // ALL Unicode chars (é, 文, ï, etc.) become '_'
}
}).collect()
}
This corrupts any file path containing Unicode characters, replacing them with underscores and producing a path that does not exist on the filesystem.
Additional Context
The fix should use c.is_alphanumeric() (which includes Unicode letters/digits) instead of c.is_ascii_alphanumeric(), or better yet, only blocklist the specific dangerous characters (;, |, $, backtick, (, ), {, }, <, >, &, !, ?, *, [, ], ", ', \\, newline, null) rather than using an allowlist that excludes all Unicode.
Bug Report
Project: cortex
Description
In
src/cortex-hooks/src/hook.rs, thesanitize_for_command()function usesc.is_ascii_alphanumeric()to determine safe characters. This means all non-ASCII Unicode characters (accented letters, CJK characters, emoji, etc.) are silently replaced with_. When a file path contains Unicode characters, the sanitized path no longer points to the actual file, causing hook commands to fail with a "file not found" error.Error Message
The hook command fails silently or with a file-not-found error:
Debug Logs
System Information
Steps to Reproduce
/home/user/café/main.rsFileEditedhook with command["rustfmt", "{file}"]rustfmt /home/user/caf_/main.rs(corrupted path)Expected Behavior
sanitize_for_command()should preserve valid Unicode characters in file paths. Unicode characters are valid in file paths on all modern operating systems and should not be replaced. The function should only strip characters that are genuinely dangerous for command injection (e.g.,;,|,$, backticks, etc.), not all non-ASCII characters.Actual Behavior
sanitize_for_command()athook.rs:16-38usesis_ascii_alphanumeric():This corrupts any file path containing Unicode characters, replacing them with underscores and producing a path that does not exist on the filesystem.
Additional Context
The fix should use
c.is_alphanumeric()(which includes Unicode letters/digits) instead ofc.is_ascii_alphanumeric(), or better yet, only blocklist the specific dangerous characters (;,|,$, backtick,(,),{,},<,>,&,!,?,*,[,],",',\\, newline, null) rather than using an allowlist that excludes all Unicode.