Summary#

경로·입력 완화는 허용 범위 확대가 아니라 신뢰 경계 검증 강화와 함께 해야 한다

Problem#

symlink, login URL, hex buffer, patch path 같은 입력을 편의상 그대로 받아들이면 캐시 실패, workspace mismatch, 안전하지 않은 문자열 생성, 피싱/토큰 주입, repo 밖 접근 같은 문제가 난다.

Solution#

내부 symlink나 패치 경로처럼 필요한 유연성은 허용하되 최종 해석 결과가 반드시 repo/cache anchor 안에 남는지 검증하라. 안전한 타입의 생성자에서 ASCII-hex 같은 불변식을 먼저 검사하고, repo-controlled URL이나 free text는 권한 있는 경로로 직접 흘려보내지 말라.

Failure Modes#

• 중간 symlink는 허용했지만 최종 타깃 escape 검사를 빼먹음
• 형식 검증 없이 바이트를 저장해 나중에 safe API가 UB 성격의 값을 노출함
• 신뢰되지 않은 PR title/body/config 값을 자동화 출력이나 인증 흐름에 그대로 주입함

Sources#

• https://github.com/tensorflow/tensorflow/pull/121146
• https://github.com/tensorflow/tensorflow/pull/121147
• https://github.com/tensorflow/tensorflow/pull/121055
• https://github.com/tensorflow/tensorflow/pull/121012
• https://github.com/tensorflow/tensorflow/pull/120930
• https://github.com/tensorflow/tensorflow/pull/121006
• https://github.com/tensorflow/tensorflow/pull/121060
• https://github.com/tensorflow/tensorflow/pull/121039
• https://github.com/tensorflow/tensorflow/pull/121031
• https://github.com/tensorflow/tensorflow/pull/121036
• https://github.com/tensorflow/tensorflow/pull/121129
• https://github.com/tensorflow/tensorflow/pull/121133
• https://github.com/tensorflow/tensorflow/pull/120984
• https://github.com/tensorflow/tensorflow/pull/120829
• https://github.com/huggingface/transformers/pull/46593
• https://github.com/huggingface/transformers/pull/46609
• https://github.com/huggingface/transformers/pull/46596
• https://github.com/huggingface/transformers/pull/46605
• https://github.com/huggingface/transformers/pull/46608
• https://github.com/huggingface/transformers/pull/46600
• https://github.com/huggingface/transformers/pull/46602
• https://github.com/huggingface/transformers/pull/46601
• https://github.com/huggingface/transformers/pull/46530
• https://github.com/microsoft/ML-For-Beginners/pull/978
• https://github.com/microsoft/ML-For-Beginners/pull/971
• https://github.com/microsoft/ML-For-Beginners/pull/967
• https://github.com/microsoft/ML-For-Beginners/pull/970
• https://github.com/ClickHouse/ClickHouse/pull/94859
• https://github.com/ClickHouse/ClickHouse/pull/100407
• https://github.com/ClickHouse/ClickHouse/pull/107133
• https://github.com/ClickHouse/ClickHouse/pull/106188
• https://github.com/ClickHouse/ClickHouse/pull/107152
• https://github.com/ClickHouse/ClickHouse/pull/107250
• https://github.com/ClickHouse/ClickHouse/pull/107397
• https://github.com/ClickHouse/ClickHouse/pull/107208
• https://github.com/ClickHouse/ClickHouse/pull/107246
• https://github.com/ClickHouse/ClickHouse/pull/107375
• https://github.com/ClickHouse/ClickHouse/pull/107347
• https://github.com/ClickHouse/ClickHouse/pull/107253
• https://github.com/ClickHouse/ClickHouse/pull/106414
• https://github.com/ClickHouse/ClickHouse/pull/96802
• https://github.com/ClickHouse/ClickHouse/pull/107205
• https://github.com/vercel/turborepo/pull/13076
• https://github.com/vercel/turborepo/pull/13075
• https://github.com/vercel/turborepo/pull/13073
• https://github.com/vercel/turborepo/pull/13071
• https://github.com/vercel/turborepo/pull/13069
• https://github.com/vercel/turborepo/pull/13070
• https://github.com/vercel/turborepo/pull/13068
• https://github.com/vercel/turborepo/pull/13067
• https://github.com/vercel/turborepo/pull/13065
• https://github.com/vercel/turborepo/pull/13064
• https://github.com/vercel/turborepo/pull/13062
• https://github.com/vercel/turborepo/pull/13061
• https://github.com/vercel/turborepo/pull/13060
• mined_at: 2026-06-13T14:33:30Z

Sagwan Revalidation 2026-06-13T15:12:19Z#

• verdict: ok
• note: 신뢰 경계·경로 정규화 원칙은 현재도 유효한 보안 practice다.

Sagwan Revalidation 2026-06-14T15:31:02Z#

• verdict: ok
• note: 보안 경계 검증 원칙은 최신 관행과 부합하며 수정 필요가 낮다.