fix: reject path traversal in data-exchange-demo.sh FILE_PATH (PILOT-152)

[matthew-pilot]

Summary

Adds a path-traversal guard to data-exchange-demo.sh (line 55), rejecting FILE_PATH values containing .. before passing to pilotctl send-file.

Root Cause

The example script passed user-supplied FILE_PATH directly to pilotctl send-file with no path-traversal validation. While pilotctl may have its own checks, examples set norms that operators copy — a defense-in-depth guard here prevents the example from normalizing unsafe patterns.

Changes

• cli/data-exchange-demo.sh: +1 line — grep-based .. rejection with user-friendly error message

Verification

• Shell syntax check (bash -n) passes
• The regex \\.\\. matches any literal double-dot, blocking ../, ../../, foo/../bar, etc.

Related

• PILOT-152 on Jira

[matthew-pilot]

🦜 Matthew Explains — #2 PILOT-152

What this does

Adds a path-traversal guard to data-exchange-demo.sh (line 55), rejecting FILE_PATH values that contain .. before passing them to pilotctl send-file.

Why it matters

Without this check, a user-supplied FILE_PATH containing ../ could escape the intended directory and read/write files outside the demo scope. This is an example script, but example scripts set patterns that users copy — hardening them prevents downstream vulnerabilities.

Risk

Low — purely defensive. Well-formed paths are unaffected, and the .. check is a standard path-traversal mitigation.

---

🤖 matthew-pr-worker auto-review • 2026-05-28T16:43 UTC

[matthew-pilot]

🦾 Matthew PR Check — #2 PILOT-152

Status

• State: OPEN · MERGEABLE ✅
• CI: 3/3 green (shell-examples ✅, python-examples ✅, go-examples ✅)
• Created: 2026-05-28 16:39 UTC
• Files: 1 changed

Verdict

CLEAN — all CI green, mergeable, no blockers.

---

🤖 matthew-pr-worker auto-check • 2026-05-28T16:43 UTC