TOCTOU Vulnerability in LocalFile Sink: Symlink Escape Risk from export_dir
A Time-of-Check-Time-of-Use (TOCTOU) vulnerability exists in the LocalFile sink's path validation, leaving a symlink escape route out of the designated `export_dir`. The code itself acknowledges the flaw: `validate_sink_config` canonicalizes the configured output path and checks that it stays inside `export_dir`, but nothing binds that check to the later write. Between validation and the moment the file is actually opened for writing, the validated path can be replaced with a symlink pointing outside `export_dir`, so the write follows the link and lands outside the intended security boundary.
The vulnerability is in the `validate_sink_config` function in `api/src/main.rs`, whose result is consumed by the export worker in `api/src/export_worker.rs`. Exploitation requires both API access (to trigger an export) and write permission inside `export_dir` (to plant the symlink), which limits the impact, but a race in core validation logic is still a significant architectural weakness. The suggested remediation is to open the output file with the `O_NOFOLLOW` flag, or to write to a temporary file and move it into place with an atomic rename. Two caveats a practitioner should keep in mind: `O_NOFOLLOW` only refuses a symlink at the final path component, so a symlink swapped in for an intermediate directory is still followed (closing that gap means opening `export_dir` once and creating the file relative to that descriptor, for example with `openat2` and `RESOLVE_BENEATH` on Linux); and the temp-file-and-rename pattern is safe for the final component because `rename(2)` replaces a symlink at the destination rather than following it.
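The race described above and the temp-file-plus-rename remediation, reproduced end to end as an added example. This is illustrative code written for this page, not the project's `validate_sink_config` or export worker; the function names, the scratch directories under the system temp dir, and the file contents are all constructed for the demonstration. It uses `create_new` (which maps to `O_CREAT|O_EXCL`, so a symlink at the final component makes the open fail instead of being followed) and `rename` from the standard library rather than `O_NOFOLLOW`, because the former needs no platform-specific flag constant; the same guarantee holds only for the final path component, as noted above.

```rust
use std::fs::{self, File, OpenOptions};
use std::io::{self, Write};
use std::os::unix::fs::symlink;
use std::path::{Path, PathBuf};
use std::time::{SystemTime, UNIX_EPOCH};

fn now_nanos() -> u128 {
    SystemTime::now().duration_since(UNIX_EPOCH).map(|d| d.as_nanos()).unwrap_or(0)
}

/// Time of check (hypothetical stand-in for the page's validate_sink_config):
/// canonicalize export_dir and the requested path's parent, then confirm the
/// resolved target stays inside export_dir. The file may not exist yet, so only
/// its parent directory is canonicalized.
pub fn validate_output_path(export_dir: &Path, requested: &Path) -> io::Result<PathBuf> {
    let root = fs::canonicalize(export_dir)?;
    let candidate = root.join(requested);
    let invalid = || io::Error::new(io::ErrorKind::InvalidInput, "bad output path");
    let parent = candidate.parent().ok_or_else(invalid)?;
    let name = candidate.file_name().ok_or_else(invalid)?;
    let resolved = fs::canonicalize(parent)?.join(name);
    if !resolved.starts_with(&root) {
        return Err(io::Error::new(io::ErrorKind::PermissionDenied, "path escapes export_dir"));
    }
    Ok(resolved)
}

/// Time of use, vulnerable form: a plain create() is O_CREAT|O_TRUNC and
/// follows whatever the final path component has become since validation.
pub fn write_racy(path: &Path, data: &[u8]) -> io::Result<()> {
    File::create(path)?.write_all(data)
}

/// Time of use, hardened form: create_new() is O_CREAT|O_EXCL, which fails
/// rather than following a symlink at the final component; the data goes to a
/// uniquely named temp file and rename() then replaces whatever sits at the
/// destination (a planted symlink included) instead of following it.
pub fn write_no_follow(path: &Path, data: &[u8]) -> io::Result<()> {
    let name = path
        .file_name()
        .and_then(|n| n.to_str())
        .ok_or_else(|| io::Error::new(io::ErrorKind::InvalidInput, "bad file name"))?;
    let tmp = path.with_file_name(format!(".{}.tmp-{}-{}", name, std::process::id(), now_nanos()));
    let mut f = OpenOptions::new().write(true).create_new(true).open(&tmp)?;
    let outcome = f.write_all(data).and_then(|_| f.sync_all());
    if let Err(e) = outcome {
        let _ = fs::remove_file(&tmp);
        return Err(e);
    }
    drop(f);
    fs::rename(&tmp, path)
}

pub struct DemoResult {
    pub racy_escaped: bool,
    pub hardened_escaped: bool,
    pub final_is_regular_file: bool,
    pub traversal_rejected: bool,
}

/// Reproduces the race in a scratch directory (constructed for this example):
/// validate, let an "attacker" with write access to export_dir swap the
/// validated path for a symlink out of the sandbox, then write both ways.
pub fn demo() -> io::Result<DemoResult> {
    let base = std::env::temp_dir().join(format!("toctou-demo-{}-{}", std::process::id(), now_nanos()));
    let export_dir = base.join("export");
    let outside = base.join("outside");
    fs::create_dir_all(&export_dir)?;
    fs::create_dir_all(&outside)?;
    let victim = outside.join("victim.txt");

    // Check: report.txt resolves inside export_dir, so validation passes.
    let target = validate_output_path(&export_dir, Path::new("report.txt"))?;
    // A direct traversal attempt is rejected by the same check.
    let traversal_rejected = validate_output_path(&export_dir, Path::new("../outside/victim.txt")).is_err();

    // Between check and use: the attacker plants a symlink at the validated path.
    symlink(&victim, &target)?;
    write_racy(&target, b"exported via plain create\n")?;
    let racy_escaped = victim.exists(); // the write followed the link out of export_dir

    // The symlink is still in place; the hardened writer must not follow it.
    write_no_follow(&target, b"exported via create_new + rename\n")?;
    let hardened_escaped = fs::read(&victim)?.as_slice() != &b"exported via plain create\n"[..];
    let final_is_regular_file = fs::symlink_metadata(&target)?.file_type().is_file();

    let _ = fs::remove_dir_all(&base);
    Ok(DemoResult { racy_escaped, hardened_escaped, final_is_regular_file, traversal_rejected })
}

fn main() -> io::Result<()> {
    let r = demo()?;
    println!("plain create escaped export_dir:        {}", r.racy_escaped);
    println!("create_new + rename escaped export_dir: {}", r.hardened_escaped);
    println!("final path is a regular file:           {}", r.final_is_regular_file);
    println!("../ traversal rejected at check time:   {}", r.traversal_rejected);
    Ok(())
}
```

Running `demo()` shows the containment check passing, the plain `create()` writing through the planted symlink into the `outside` directory, and the `create_new` plus `rename` path leaving the outside file untouched while replacing the symlink with a regular file. The temp name includes the pid and a nanosecond timestamp so a pre-planted symlink at a guessable temp name can at worst make `create_new` fail closed, never redirect the write.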
This issue is a classic but dangerous anti-pattern in code that handles file operations: validating a path and then trusting it at a later point in time. Any deployment that relies on the LocalFile sink for sandboxed data export should be reviewed, because a successful exploit yields an arbitrary file write outside the intended directory. The code comment acknowledging the problem shows internal awareness, but it also raises the question of why a fix to foundational validation logic has not been prioritized within the development lifecycle.