{
  "verdict": "no_distinct_fixed_version_bypass_confirmed",
  "confirmed": false,
  "created_at": "2026-07-05T15:11:08.457199+00:00",
  "repository": "https://github.com/OpenBMB/ChatDev",
  "submitted_target": {
    "target_kind": "git_commit",
    "commit_sha": "a6a5cda5560053136897aa44301eacc6c48d8168",
    "version": "<=2.2.0",
    "ref": "4fd4da603801766b14ad8788649cfc1ad21f99a6^",
    "display": "ChatDev vulnerable parent of fix commit"
  },
  "fixed_target_tested": {
    "target_kind": "git_commit",
    "commit_sha": "4fd4da603801766b14ad8788649cfc1ad21f99a6",
    "version": "post-2.2.0 fixed commit",
    "ref": "4fd4da603801766b14ad8788649cfc1ad21f99a6",
    "display": "ChatDev fixed commit"
  },
  "latest_target_tested": {
    "target_kind": "git_commit",
    "commit_sha": "4fd4da603801766b14ad8788649cfc1ad21f99a6",
    "ref": "origin/main",
    "display": "origin/main resolved during run"
  },
  "validated_surface": "service_sink_direct_with_parent_api_route_equivalence",
  "evidence_scope": "runtime_sink_fix_coverage",
  "end_to_end_target_reached": false,
  "target_path_reached": true,
  "bypass_confirmed": false,
  "alternate_trigger_on_vulnerable_version": true,
  "same_root_cause_confidence": "high",
  "same_surface_confidence": "high",
  "observed_impact_class": "vulnerable_only_arbitrary_file_write_delete",
  "fixed_observed_impact_class": "none",
  "exploitability_confidence": "none_for_fixed_bypass_high_for_vulnerable_only_candidate",
  "attacker_controlled_input": "multipart UploadFile.filename supplied to POST /api/uploads/{session_id}; tested candidates used POSIX traversal and absolute filenames",
  "trigger_path": "POST /api/uploads/{session_id} -> AttachmentService.save_upload_file -> temp_path = temp_dir / filename -> temp_path.open('wb')",
  "tested_candidates": [
    {
      "candidate": "baseline_parent_traversal_symlink",
      "description": "../ traversal filename with symlink at supplied path",
      "vulnerable_escaped_or_deleted": true,
      "fixed_escaped_or_deleted": false,
      "latest_escaped_or_deleted": false,
      "bypass": false
    },
    {
      "candidate": "candidate_absolute_filename_symlink",
      "description": "absolute multipart filename with symlink at supplied path",
      "vulnerable_escaped_or_deleted": true,
      "fixed_escaped_or_deleted": false,
      "latest_escaped_or_deleted": false,
      "bypass": false
    },
    {
      "candidate": "candidate_absolute_filename_delete",
      "description": "absolute multipart filename pointing to an existing file",
      "vulnerable_escaped_or_deleted": true,
      "fixed_escaped_or_deleted": false,
      "latest_escaped_or_deleted": false,
      "bypass": false
    }
  ],
  "blocking_mitigation": "Fixed commit 4fd4da603801766b14ad8788649cfc1ad21f99a6 calls AttachmentService._safe_upload_filename(), which normalizes backslashes, strips all directory components with basename, and substitutes upload.bin for empty/dot names before joining with the temporary upload directory.",
  "claim_block_reason": "The materially distinct absolute-filename candidate reaches the same vulnerable sink on the vulnerable commit, but it is explicitly covered by the fixed basename normalization and does not reproduce on the fixed/latest commit.",
  "inferred": false,
  "proof_artifacts": [
    "bundle/vuln_variant/reproduction_steps.sh",
    "bundle/vuln_variant/eval_summary.json",
    "bundle/vuln_variant/result_vulnerable.json",
    "bundle/vuln_variant/result_fixed.json",
    "bundle/vuln_variant/result_latest.json",
    "bundle/logs/vuln_variant_reproduction_steps.log",
    "bundle/logs/vuln_variant_driver_vulnerable.log",
    "bundle/logs/vuln_variant_driver_fixed.log"
  ]
}
