Get rid of ~/src folder and paste file mounts directly in homedir/sky_workdir #1441

Merged
deep1401 merged 2 commits into main from fix/file-mounts
Mar 4, 2026

deep1401 (Member) commented Mar 3, 2026

No description provided.

paragon-review bot commented Mar 3, 2026

Paragon Summary

This pull request review identified 2 issues across 2 categories in 3 files. The review analyzed code changes, potential bugs, security vulnerabilities, performance issues, and code quality concerns using automated analysis tools.

This PR eliminates the intermediate ~/src folder by moving file mounts directly into the home directory and sky_workdir, simplifying the directory structure. The change affects the lab SDK facade and updates both the API and SDK package configurations.

Key changes:

  • Removes ~/src folder structure for file mounts
  • Relocates file mounts directly to homedir/sky_workdir
  • Updates Python project configurations in both api/ and lab-sdk/
  • Modifies lab_facade.py to use new directory paths

Confidence score: 3/5

  • This PR has moderate risk due to 1 high-priority issue that should be addressed
  • Score reflects significant bugs, performance issues, or architectural concerns
  • Review high-priority findings carefully before merging

3 files reviewed, 2 comments

Severity breakdown: High: 1, Medium: 1



return
dest_dir = os.path.expanduser("~/src")
os.makedirs(dest_dir, exist_ok=True)
home_dir = os.path.expanduser("~")

Bug: Fallback dest_dir resolves to bare home directory

Fallback dest_dir resolves to bare home directory. Task files may overwrite dotfiles like .bashrc or .ssh keys. Use a dedicated subdirectory instead.

Location: lab-sdk/src/lab/lab_facade.py (lines 294)

Analysis

What fails: When ~/sky_workdir doesn't exist, dest_dir falls back to the bare home directory (~). Task files copied there can silently overwrite user dotfiles (.bashrc, .profile, .ssh/authorized_keys).

Result: User dotfiles are silently overwritten with task content, potentially destroying SSH keys, shell configs, or credentials.

Expected: Files should be copied to a dedicated subdirectory (e.g., ~/tfl_workdir) that is created if missing, never directly into ~.

Impact: Data loss and environment corruption. A malicious or misconfigured task could destroy SSH keys or credentials. On shared machines this is a privilege-escalation vector.

How to reproduce:
1. Ensure ~/sky_workdir does not exist
2. Run a job that triggers copy_file_mounts
3. Include a task file named .bashrc or .gitconfig
4. Observe it overwrites the real dotfile in ~

Patch Details
-            dest_dir = home_dir
+            dest_dir = os.path.join(home_dir, "tfl_workdir")
+            os.makedirs(dest_dir, exist_ok=True)
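Review bot: the added `os.makedirs(dest_dir, exist_ok=True)` passes no `mode`, so `~/tfl_workdir` is created with umask-default permissions, and `exist_ok=True` accepts whatever already sits at that path, including a symlink to another directory. Since the impact statement mentions shared machines, consider `os.makedirs(dest_dir, mode=0o700, exist_ok=True)` and checking that an existing `tfl_workdir` is a real directory owned by the current user before copying into it.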

Comment thread lab-sdk/src/lab/lab_facade.py
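
The containment the review comment above asks for, as an added example that is not code from this PR or from the project: it uses the dedicated `~/tfl_workdir` fallback and goes one step further by rejecting any mount name that resolves outside the destination. The function names `resolve_dest_dir`, `safe_target`, `copy_mounts` and `demo` are hypothetical, and the sample files are constructed.

```python
import os
import shutil
import tempfile


def resolve_dest_dir(home_dir):
    # Prefer ~/sky_workdir; otherwise a dedicated ~/tfl_workdir, never bare ~.
    sky = os.path.join(home_dir, "sky_workdir")
    if os.path.isdir(sky):
        return sky
    dest = os.path.join(home_dir, "tfl_workdir")
    os.makedirs(dest, exist_ok=True)
    return dest


def safe_target(dest_dir, rel_name):
    # Resolve symlinks and '..' first, then require the result to sit under dest_dir.
    root = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(root, rel_name))
    if target == root or os.path.commonpath([root, target]) != root:
        raise ValueError(f"mount {rel_name!r} resolves outside {root}")
    return target


def copy_mounts(src_dir, home_dir):
    # Copy every file under src_dir into the resolved destination directory.
    dest_dir = resolve_dest_dir(home_dir)
    copied = []
    for base, _dirs, files in os.walk(src_dir):
        for name in files:
            src = os.path.join(base, name)
            target = safe_target(dest_dir, os.path.relpath(src, src_dir))
            os.makedirs(os.path.dirname(target), exist_ok=True)
            shutil.copy2(src, target)
            copied.append(target)
    return copied


def demo():
    # Constructed scenario: the user's home and the task both contain .bashrc.
    home, task = tempfile.mkdtemp(), tempfile.mkdtemp()
    for folder, text in ((home, "user config\n"), (task, "task content\n")):
        with open(os.path.join(folder, ".bashrc"), "w") as f:
            f.write(text)
    copied = copy_mounts(task, home)
    with open(os.path.join(home, ".bashrc")) as f:
        return f.read(), copied
```

`demo()` returns the home directory's `.bashrc` content unchanged, with the task's copy landing under `tfl_workdir` instead.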
sentry bot commented Mar 3, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

@deep1401 deep1401 merged commit 5ab0a49 into main Mar 4, 2026
11 checks passed