From 8000d21a053eb19bf7d8418346d64bc17f04fb9f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D9=8A?= <ajay.calsoft@gmail.com>
Date: Mon, 25 May 2026 17:25:28 +0530
Subject: [PATCH] Potential fix for code scanning alert no. 139: Uncontrolled
 data used in path expression

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 backend/routers/image_studio/transform.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/backend/routers/image_studio/transform.py b/backend/routers/image_studio/transform.py
index 4ab4c51e..2ad635f5 100644
--- a/backend/routers/image_studio/transform.py
+++ b/backend/routers/image_studio/transform.py
@@ -142,11 +142,11 @@ async def serve_transform_video(
                 detail="Invalid video path: path traversal detected"
             )
 
-        if not video_path.exists():
+        if not resolved_video_path.exists():
             raise HTTPException(status_code=404, detail="Video not found")
 
         return FileResponse(
-            path=str(video_path),
+            path=str(resolved_video_path),
             media_type="video/mp4",
             filename=video_filename
         )