Add a recovery path for autosaved documents that don't open successfully#4157
Add a recovery path for autosaved documents that don't open successfully#4157Keavon wants to merge 3 commits into
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a recovery mechanism for autosaved documents that fail to deserialize during startup. It adds new dialogs for reporting these failures and allows users to download the raw serialized content—either as a ZIP file on the web or as individual files within a folder on desktop. The implementation includes eager loading of all autosaves to detect issues early and updates to the persistence layer to prevent failed documents from being garbage collected. Review feedback highlights a potential directory traversal vulnerability when using document names as filenames and suggests providing fallback names for untitled documents in the failure list to improve clarity.
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
3 issues found across 14 files
Confidence score: 2/5
- There is a high-confidence, high-severity path-handling risk in
desktop/wrapper/src/messages.rs: recovered document names are transported as rawStrings, so crafted names could escape the chosen recovery directory when later joined into paths. - A related issue in
editor/src/messages/portfolio/portfolio_message_handler.rsalso passes unsanitized names into ZIP/folder outputs, so path separators or reserved characters can produce unsafe or invalid filenames for users. - The empty-name rendering bug in
editor/src/messages/portfolio/portfolio_message_handler.rsis low severity (UI clarity), but it reinforces that filename normalization is currently incomplete across the recovery flow. - Pay close attention to
desktop/wrapper/src/messages.rsandeditor/src/messages/portfolio/portfolio_message_handler.rs- recovery filename sanitization is needed to prevent path traversal/invalid output and improve reliability.
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
Re-trigger cubic
There was a problem hiding this comment.
1 issue found across 1 file (changes from recent commits).
Reply with feedback, questions, or to request a fix.
Re-trigger cubic
1 participant
Uh oh!
There was an error while loading. Please reload this page.