From b10e1af1b5e29c667786e0515800b26f33819f69 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D9=8A?=
Date: Thu, 9 Jan 2025 19:58:38 +0530
Subject: [PATCH] Fix code scanning alert no. 4: Uncontrolled data used in path expression

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 lib/ai_seo_tools/image_alt_text_generator.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/lib/ai_seo_tools/image_alt_text_generator.py b/lib/ai_seo_tools/image_alt_text_generator.py
index 345d8ded..63734800 100644
--- a/lib/ai_seo_tools/image_alt_text_generator.py
+++ b/lib/ai_seo_tools/image_alt_text_generator.py
@@ -7,11 +7,19 @@ import os
 
 # Function to encode the image
 def encode_image(image_path):
-    with open(image_path, "rb") as image_file:
+    safe_root = '/safe/root/directory' # Define your safe root directory
+    normalized_path = os.path.normpath(image_path)
+    if not normalized_path.startswith(safe_root):
+        raise ValueError("Invalid image path")
+    with open(normalized_path, "rb") as image_file:
         return base64.b64encode(image_file.read()).decode('utf-8')
 
 def get_image_description(image_path):
-    base64_image = encode_image(image_path)
+    safe_root = '/safe/root/directory' # Define your safe root directory
+    normalized_path = os.path.normpath(image_path)
+    if not normalized_path.startswith(safe_root):
+        raise ValueError("Invalid image path")
+    base64_image = encode_image(normalized_path)
 
     headers = {
         "Content-Type": "application/json",
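Review bot: The containment check added in encode_image is a plain string-prefix test, so `normalized_path.startswith(safe_root)` also accepts any sibling directory whose name merely extends the root (e.g. `/safe/root/directory2/...`), and os.path.normpath does not resolve symlinks, so a link inside the root can still point outside it. Replace the two guard lines with a realpath-based containment test: `real_root = os.path.realpath(safe_root)`, `real_path = os.path.realpath(image_path)`, `if os.path.commonpath([real_root, real_path]) != real_root: raise ValueError("Invalid image path")`, and open `real_path`. The identical block is duplicated in get_image_description, which only forwards the path to encode_image; dropping that copy keeps the policy in one place instead of two that can drift apart. `'/safe/root/directory'` reads as a placeholder left in by the autofix — unless that directory exists on the deployment every call will raise ValueError, so the root should come from configuration (for instance an environment variable read via os.environ) rather than a literal repeated in both functions. get_image_description continues past the end of the hunk.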