The save_report tool in openchatbi/tool/save_report.py suffers from a critical path traversal vulnerability due to insufficient input sanitization of the file_format parameter.
The function only removes leading dots of file_format using file_format.lstrip(".") but allows path traversal sequences like /../../ to pass through unchanged. When the filename is constructed via string concatenation in
f"{timestamp}_{clean_title}.{file_format}"
malicious path sequences are preserved, enabling attackers to write files outside the designated report directory.
An attacker can manipulate the LLM to call the tool with a specific file_format to overwrite critical system files like __init__.py, potentially leading to remote code execution.
No