Is your feature request related to a problem?
/home/runner/work/simboard/simboard/backend/app/features/ingestion/api.py currently permits arbitrary filesystem paths for path-based ingestion and includes a TODO to restrict this before broader exposure.
That creates avoidable risk for accidental or unsafe file access, even though the endpoint is currently limited to admin and service-account roles.
Describe the solution you'd like
Add configuration-backed path allowlisting for path-based ingestion.
The endpoint should only accept archive paths that resolve within one or more approved base directories. Rejected paths should return a clear validation error, and the allowed directories should be documented in the backend env configuration.
Describe alternatives you've considered
Relying only on role-based access is not enough if the endpoint remains available in trusted-but-broad environments.
Additional context
Relevant code:
/home/runner/work/simboard/simboard/backend/app/features/ingestion/api.py
This should be treated as pre-release hardening for the ingestion surface.
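A concrete way to implement the allowlist check described above, as an added example that is not code from the simboard project. It assumes an environment variable named INGESTION_ALLOWED_DIRS holding an os.pathsep-separated list of absolute directories (the variable name, the error class and the sample directory layout are assumptions, not taken from the issue); the API layer would map PathNotAllowedError to a validation error response. The check resolves the submitted path (following symlinks and collapsing `..`) and then compares it component-wise against each approved base, so a sibling directory that merely shares a string prefix is not treated as inside the base.

```python
"""Allowlist check for path-based archive ingestion (added example, not project code)."""
from __future__ import annotations

import os
import tempfile
from pathlib import Path
from typing import Iterable

# Hypothetical variable name; the issue only asks for the directories to be documented
# in the backend env configuration.
ALLOWLIST_ENV_VAR = "INGESTION_ALLOWED_DIRS"


class PathNotAllowedError(ValueError):
    """Raised when an archive path resolves outside every approved base directory."""


def load_allowed_dirs(env_value: str) -> list[Path]:
    """Parse an os.pathsep-separated allowlist into resolved absolute directories.

    Relative entries are rejected outright so a misconfigured value cannot silently
    approve whatever the process's current working directory happens to be.
    """
    bases: list[Path] = []
    for raw in env_value.split(os.pathsep):
        raw = raw.strip()
        if not raw:
            continue
        base = Path(raw)
        if not base.is_absolute():
            raise ValueError(f"{ALLOWLIST_ENV_VAR} entry must be absolute: {raw!r}")
        bases.append(base.resolve())
    if not bases:
        raise ValueError(f"{ALLOWLIST_ENV_VAR} is empty; path-based ingestion is disabled")
    return bases


def _is_within(candidate: Path, base: Path) -> bool:
    """True if candidate equals base or lies beneath it, compared component by
    component (so '/srv/ingest_other' is not considered inside '/srv/ingest')."""
    return candidate == base or base in candidate.parents


def validate_archive_path(candidate: str, allowed_bases: Iterable[Path]) -> Path:
    """Resolve the submitted path and return it only if it lands inside an approved base.

    resolve() follows symlinks and collapses '..', so a link planted inside an approved
    directory that points elsewhere is judged by where it actually leads.
    """
    resolved = Path(candidate).resolve()
    for base in allowed_bases:
        if _is_within(resolved, base):
            return resolved
    # Report only what the caller sent; the resolved location is an internal detail.
    raise PathNotAllowedError(
        f"archive path {candidate!r} is outside the approved ingestion directories"
    )


def _accepted(candidate: Path, bases: list[Path]) -> bool:
    try:
        validate_archive_path(str(candidate), bases)
        return True
    except PathNotAllowedError:
        return False


def demo() -> dict[str, bool]:
    """Build a constructed throwaway layout and report which cases are accepted."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        allowed = root / "ingest"            # the single approved base
        sibling = root / "ingest_other"      # shares a string prefix, must not count
        outside = root / "secret"            # never approved
        for d in (allowed, allowed / "batch", sibling, outside):
            d.mkdir()
        (allowed / "run1.tar").write_bytes(b"constructed sample archive")
        (allowed / "batch" / "run2.tar").write_bytes(b"constructed sample archive")
        (sibling / "x.tar").write_bytes(b"constructed sample archive")
        (outside / "creds.txt").write_bytes(b"constructed sample secret")
        # A symlink placed inside the approved tree that escapes it.
        (allowed / "escape").symlink_to(outside)

        bases = load_allowed_dirs(str(allowed))
        return {
            "inside_file": _accepted(allowed / "run1.tar", bases),
            "nested_file": _accepted(allowed / "batch" / "run2.tar", bases),
            "dotdot_escape": _accepted(allowed / ".." / "secret" / "creds.txt", bases),
            "symlink_escape": _accepted(allowed / "escape" / "creds.txt", bases),
            "sibling_prefix": _accepted(sibling / "x.tar", bases),
        }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

The endpoint would call validate_archive_path once on the submitted path and pass only the returned resolved Path to the extraction code, so the check and the file open operate on the same canonical location.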