Potential fix for code scanning alert no. 21: Uncontrolled data used in path expression

[ArshVermaGit]

Potential fix for https://github.com/ArshVermaGit/SentinelOps-Autonomous-DevOps-AI/security/code-scanning/21

Use a strict, explicit safe-path construction for the .git directory check in _validate_repo_path_for_linking:

• Build the candidate .git path with os.path.join.
• Canonicalize it via os.path.realpath.
• Verify the canonical .git path is still within the canonical repo root using os.path.commonpath.
• Only then call os.path.isdir on that canonical .git path.

This keeps current functionality (must be an existing Git repo under allowed root) while preventing path-expression concerns and making sanitization explicit at the sink.

Edit region:

• sentinelops-backend/app/services/local_git_service.py
• Method: _validate_repo_path_for_linking
• Replace the current line if not os.path.isdir(os.path.join(normalized, ".git")): with hardened logic.

No new dependencies are needed.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

[ArshVermaGit]

This looks like a sensible hardening improvement with minimal functional impact. Building the .git path explicitly, canonicalizing it with os.path.realpath, and verifying containment against the canonical repo root before the isdir check makes the trust boundary much clearer and reduces ambiguity around path handling at the filesystem sink. I also like that this keeps the existing behavior intact — valid repos under the allowed root continue to work, while edge cases involving traversal, symlinks, or unexpected path resolution are handled more defensively. Overall, this feels like a clean, targeted fix that strengthens validation without overcomplicating the flow.