From a7a8636e03505078b99e2054bfe0d48d8a2a3505 Mon Sep 17 00:00:00 2001
From: Arsh Verma
Date: Fri, 22 May 2026 02:30:55 +0530
Subject: [PATCH] Potential fix for code scanning alert no. 27: Uncontrolled data used in path expression
Co-authored-by: Arsh Verma
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 sentinelops-backend/app/services/local_git_service.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/sentinelops-backend/app/services/local_git_service.py b/sentinelops-backend/app/services/local_git_service.py
index 1e53001..84afb30 100644
--- a/sentinelops-backend/app/services/local_git_service.py
+++ b/sentinelops-backend/app/services/local_git_service.py
@@ -28,8 +28,11 @@ REPOS_CONFIG_PATH = os.path.join(
 os.path.dirname(__file__), "..", "..", "linked_repos.json"
 )
-ALLOWED_REPO_ROOT = os.path.realpath(
- os.path.abspath(os.path.expanduser(os.environ.get("SENTINELOPS_REPO_ROOT", os.getcwd())))
+_configured_repo_root = os.environ.get("SENTINELOPS_REPO_ROOT")
+ALLOWED_REPO_ROOT = (
+ os.path.realpath(os.path.abspath(os.path.expanduser(_configured_repo_root)))
+ if _configured_repo_root
+ else ""
 )
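Review bot: The `else ""` fallback for `ALLOWED_REPO_ROOT` is a fragile "unset" sentinel, because `str.startswith("")` is true for every string, so a prefix-style containment check elsewhere in `local_git_service.py` would accept any path whenever `SENTINELOPS_REPO_ROOT` is not configured. The code that consumes the constant lies outside this hunk, so whether it fails closed cannot be confirmed from here. Consider `else None` with a comment such as `# No root configured: every repo path must be rejected (callers check for None).`, and have the path-validation helper return an explicit error when the root is unset. Logging a warning at import time when the variable is missing would also make the change from the old `os.getcwd()` default visible to operators.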