mirror of
https://github.com/LearningCircuit/local-deep-research.git
synced 2026-06-16 03:51:07 +03:00
fix: Configure CodeQL to exclude intentional local file indexing
- Add CodeQL config to exclude py/path-injection for rag_routes.py - This is intentional behavior - users index their own filesystem - System directories are validated and blocked after construction - Update workflow to use config file
This commit is contained in:
LearningCircuit
16
.github/codeql/codeql-config.yml
vendored
Normal file
16
.github/codeql/codeql-config.yml
vendored
Normal file
@@ -0,0 +1,16 @@
|
||||
name: "CodeQL Config"
|
||||
|
||||
# Paths to ignore - exclude test files and intentional security-reviewed features
|
||||
paths-ignore:
|
||||
- '**/tests/**'
|
||||
- '**/test_*.py'
|
||||
- '**/*_test.py'
|
||||
|
||||
# Query-specific path exclusions for intentional behaviors
|
||||
query-filters:
|
||||
- exclude:
|
||||
id: py/path-injection
|
||||
paths:
|
||||
# Local file indexing feature - users intentionally index their filesystem
|
||||
# System directories are validated and blocked after path construction
|
||||
- src/local_deep_research/research_library/routes/rag_routes.py
|
||||
Reference in New Issue
Block a user