fix: CodeQL path-injection alerts + bump vulnerable deps#22

Closed
Yambr wants to merge 3 commits intomainfrom
claude/fix-codeql-vulnerabilities-R8IND

Conversation

Owner

@Yambr Yambr commented Apr 1, 2026

Summary

  • CodeQL (27 High alerts): Added summaryModel YAML extension (.github/codeql/extensions/python-sanitizers.model.yml) declaring safe_path() and sanitize_chat_id() as taint barriers — CodeQL will recognise existing is_relative_to() / input-validation checks instead of flagging false positives.
  • Dependency vulnerabilities (6 High CVEs): Bumped urllib3, pillow, pdfminer.six, cryptography, PyJWT, python-multipart to patched versions.

Dependency updates

| Package | Before | After | CVE |
| --- | --- | --- | --- |
| urllib3 | 2.5.0 | 2.6.3 | Decompression chain + redirects bypass |
| pillow | 11.3.0 | 12.1.1 | PSD out-of-bounds write |
| pdfminer.six | 20250506 | 20260107 | Pickle deserialization + code exec |
| cryptography | 46.0.2 | 46.0.6 | SECT curves subgroup attack |
| PyJWT | 2.7.0 | 2.12.1 | Unknown crit header extensions |
| python-multipart | 0.0.20 | 0.0.22 | Arbitrary file write |

Not addressed (low risk)

  • pypdf 5.9.0 — Moderate severity, no 5.x patch available, 6.x is a breaking major bump
  • preview.js URL redirect — Medium, already has origin check + external link dialog

Test plan

  • Verify CodeQL re-analysis shows reduced/eliminated High alerts
  • Verify Dependabot alerts auto-close for bumped packages
  • Run ./tests/test-project-structure.sh to confirm project structure intact
  • If summaryModel doesn't suppress CodeQL alerts (Beta feature for Python), fallback: add str.startswith() to safe_path()

https://claude.ai/code/session_01FGhcXsPy8oV4EqLmscWckB

Summary by CodeRabbit

  • Chores

    • Updated several pinned Python dependencies (PDF processing, imaging, HTTP, crypto, auth) and bumped python-multipart.
  • Security

    • Enhanced automated code-scan configuration to load additional model packs and recognize extra sanitization helpers to improve analysis accuracy.
  • Bug Fixes

    • Updated image thumbnailing to use the imaging library's newer API for more reliable previews.

…cies

CodeQL alerts (27 High "Uncontrolled data used in path expression"):
- Add summaryModel YAML extension marking safe_path() and
  sanitize_chat_id() as taint barriers so CodeQL recognises
  the existing is_relative_to() / input-validation checks.
- Wire codeql-config.yml into the analysis workflow.

Dependency vulnerabilities (High severity):
- urllib3 2.5.0 → 2.6.3 (CVE-2026-21441 decompression + redirects)
- pillow 11.3.0 → 12.1.1 (PSD out-of-bounds write)
- pdfminer.six 20250506 → 20260107 (pickle deserialization + code exec)
- cryptography 46.0.2 → 46.0.6 (SECT curves subgroup attack)
- PyJWT 2.7.0 → 2.12.1 (unknown crit header extensions)
- python-multipart 0.0.20 → 0.0.22 (arbitrary file write)

https://claude.ai/code/session_01FGhcXsPy8oV4EqLmscWckB

coderabbitai Bot commented Apr 1, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e7891c4d-6838-4836-b321-596d6222370b

📥 Commits

Reviewing files that changed from the base of the PR and between d0e27e3 and 300f972.

📒 Files selected for processing (1)
  • requirements.txt
✅ Files skipped from review due to trivial changes (1)
  • requirements.txt

📝 Walkthrough

Walkthrough

Adds CodeQL config and a Python model extension marking specific functions as sanitizers, updates the CodeQL workflow to load that config, bumps several Python dependency versions, and updates an image-resizing call to use PIL's Resampling enum.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| CodeQL config & models: .github/codeql/codeql-config.yml, .github/codeql/extensions/python-sanitizers.model.yml | Adds a CodeQL configuration specifying model-packs and a model extension that marks Member[safe_path] and Member[sanitize_chat_id] as sanitizers (taint barriers). |
| CodeQL workflow: .github/workflows/codeql.yml | github/codeql-action/init@v3 now receives config-file: ./.github/codeql/codeql-config.yml (workflow init points to the new config). |
| Dependency updates: computer-use-server/requirements.txt, requirements.txt | Bumps python-multipart (0.0.20 → 0.0.22) and multiple root requirements: pdfplumber, pdfminer.six, pillow, urllib3, cryptography, PyJWT. |
| Image resizing API: computer-use-server/mcp_tools.py | Replaces Image.LANCZOS with Image.Resampling.LANCZOS in the image thumbnailing one-liner. |

Sequence Diagram(s)

```mermaid
sequenceDiagram
participant Runner as GitHub Actions Runner
participant Init as codeql-action/init
participant Config as Repo CodeQL Config
participant ModelPacks as Model Packs
participant Analysis as CodeQL Engine

Runner->>Init: start CodeQL init (with config-file)
Init->>Config: read `./.github/codeql/codeql-config.yml`
Init->>ModelPacks: load specified model-packs (python, javascript)
ModelPacks-->>Analysis: provide model extensions (e.g., sanitizers)
Init->>Analysis: initialize analysis with loaded config and models
Runner->>Analysis: run CodeQL scan using initialized settings
```

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I hopped through configs, neat and spry,
I taught CodeQL to wink an eye,
Packages climbed their version tree,
Resampling danced for all to see,
A tiny hop toward tidy security!

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit's high-level summary is enabled. |
| Title check | ✅ Passed | The PR title directly reflects the main changes: CodeQL configuration to address path-injection alerts and dependency updates to patch vulnerable packages. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/codeql/extensions/python-sanitizers.model.yml:
- Around line 17-22: The model for the safe_path function only marks Argument[0]
as contributing to ReturnValue, but safe_path(base_dir, *segments) combines
base_dir and all subsequent segments into the returned path; update the entry
for Member[safe_path] to model all arguments (use the range-syntax for
arguments, e.g. Argument[0..]) so CodeQL knows every input segment is validated
and the return value is sanitized.

In `@requirements.txt`:
- Line 21: The code uses the removed Pillow constant Image.LANCZOS (seen in
mcp_tools.py) which causes AttributeError with Pillow>=10; replace usages of
Image.LANCZOS with Image.Resampling.LANCZOS (e.g., change img.thumbnail((mx,mx),
Image.LANCZOS) to img.thumbnail((mx,mx), Image.Resampling.LANCZOS)) and ensure
imports reference PIL.Image so Image.Resampling is available; if
backward-compatibility is needed, add a small compatibility fallback that
resolves Resampling = getattr(Image, "Resampling", Image) before use.
ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 791b2d71-bea7-4c3b-94a6-6c56466a1bdb

📥 Commits

Reviewing files that changed from the base of the PR and between 33dbf34 and b0f197e.

📒 Files selected for processing (5)
  • .github/codeql/codeql-config.yml
  • .github/codeql/extensions/python-sanitizers.model.yml
  • .github/workflows/codeql.yml
  • computer-use-server/requirements.txt
  • requirements.txt
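Marking safe_path() as a CodeQL taint barrier is a claim about the function, so here is an illustrative safe_path() (added as an example; the repository's own implementation is not shown on this page) that has the property the corrected Argument[0..] model asserts: every positional segment, not only the first, is validated with is_relative_to() before the return value is treated as clean. The base_dir / *segments signature follows the reviewer's comment; check_segments(), demo() and the sample inputs are constructed for this example.

```python
import tempfile
from pathlib import Path, PurePosixPath

def safe_path(base_dir, *segments):
    """Join *segments under base_dir and refuse any result that escapes it.

    Illustrative implementation (not the project's own): it validates every
    segment, which is what modelling Argument[0..] -> ReturnValue as
    sanitized in the CodeQL summaryModel claims about the real function.
    """
    base = Path(base_dir).resolve()
    candidate = base
    for seg in map(str, segments):
        if "\x00" in seg:
            raise ValueError("NUL byte in path segment")
        # An absolute segment would make '/' discard everything before it.
        if PurePosixPath(seg).is_absolute() or Path(seg).is_absolute():
            raise ValueError(f"absolute segment rejected: {seg!r}")
        candidate = candidate / seg
    # resolve() collapses '..' and follows symlinks, so the containment
    # check covers lexical traversal and symlink escapes alike.
    resolved = candidate.resolve()
    if not resolved.is_relative_to(base):
        raise ValueError(f"path escapes base_dir: {resolved}")
    return resolved

def check_segments(base_dir, cases):
    """Map each (label, segments) case to 'ok' or 'rejected'."""
    results = {}
    for label, segs in cases:
        try:
            safe_path(base_dir, *segs)
            results[label] = "ok"
        except ValueError:
            results[label] = "rejected"
    return results

def demo():
    """Run constructed sample inputs against a throwaway base directory."""
    cases = [
        ("plain", ["uploads", "report.pdf"]),
        ("dotdot_stays_inside", ["a", "..", "b"]),               # resolves to base/b
        ("traversal_first", ["../etc", "passwd"]),
        ("traversal_later", ["uploads", "..", "..", "secret"]),  # escape via Argument[1..]
        ("absolute_later", ["uploads", "/etc/passwd"]),
        ("nul_byte", ["file\x00.txt"]),
    ]
    with tempfile.TemporaryDirectory() as tmp:
        return check_segments(tmp, cases)
```

The traversal_later and absolute_later cases are the ones a model that only covers Argument[0] would silently miss, which is why the reviewer asked for the range syntax.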

claude added 2 commits April 1, 2026 20:42
- Replace deprecated Image.LANCZOS with Image.Resampling.LANCZOS
  in mcp_tools.py (removed in Pillow 10.0+, breaks build with 12.x)
- Use Argument[0..] range syntax in CodeQL summaryModel to cover
  safe_path() variadic *segments arguments

https://claude.ai/code/session_01FGhcXsPy8oV4EqLmscWckB
pdfplumber 0.11.7 pins pdfminer.six==20250506, so bumping pdfminer.six
alone to 20260107 broke pip resolution.

Fix: bump pdfplumber 0.11.7 → 0.11.9 which pulls pdfminer.six==20251230.
Version 20251230 fixes CVE-2025-64512 (pickle RCE via crafted PDF).

https://claude.ai/code/session_01FGhcXsPy8oV4EqLmscWckB
Yambr pushed a commit that referenced this pull request Apr 2, 2026
Apply changes from PR #22 (community contribution):
- mcp_tools.py: Image.LANCZOS → Image.Resampling.LANCZOS (Pillow 12 removed bare attribute)
- requirements.txt: pillow 11→12.1.1, urllib3→2.6.3, cryptography→46.0.6,
  PyJWT→2.12.1, pdfminer.six→20251230, pdfplumber→0.11.9
- computer-use-server/requirements.txt: python-multipart→0.0.22

Add TDD test coverage for all changes:
- tests/orchestrator/test_view_image.py: 15 tests for view() image path
  (Pillow 12 API guard, structured content return, all extensions, error handling)
- tests/test_requirements.py: 7 version regression guards for CVE-patched deps

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Yambr pushed a commit that referenced this pull request Apr 2, 2026
Owner Author

Yambr commented Apr 2, 2026

Changes applied manually in commits 00efef3 and f0df0de, released as v0.8.13.0. Added TDD test coverage on top: 15 tests for view() image processing path + 7 version regression guards. Closing — thank you for the contribution!

@Yambr Yambr closed this Apr 2, 2026
Yambr pushed a commit that referenced this pull request Apr 12, 2026