diff --git a/venus-devtool/inline-gen/main.go b/venus-devtool/inline-gen/main.go
index cbaea8c209..b997e6be0d 100644
--- a/venus-devtool/inline-gen/main.go
+++ b/venus-devtool/inline-gen/main.go
@@ -20,7 +20,13 @@ const (
 var data = map[string]interface{}{}
 
 func main() {
-	db, err := os.ReadFile(os.Args[2])
+	// Validate and sanitize the file path
+	jsonFilePath, err := sanitizePath(os.Args[2])
+	if err != nil {
+		log.Fatalf("Invalid file path: %v", err)
+	}
+
+	db, err := os.ReadFile(jsonFilePath)
 	if err != nil {
 		log.Fatalf("Error reading file: %v", err)
 	}
@@ -34,6 +40,25 @@ func main() {
 	}
 }
 
+func sanitizePath(p string) (string, error) {
+	// Ensure the path is absolute
+	absPath, err := filepath.Abs(p)
+	if err != nil {
+		return "", err
+	}
+
+	// Resolve any symlinks and clean the path
+	cleanPath := filepath.Clean(absPath)
+
+	// Check if the path is within a specific allowed directory
+	allowedDir := "/venus/inline-gen/"
+	if !strings.HasPrefix(cleanPath, allowedDir) {
+		return "", fmt.Errorf("attempted path traversal outside of allowed directory")
+	}
+
+	return cleanPath, nil
+}
+
 func processFile(path string, info os.FileInfo, err error) error {
 	if err != nil {
 		return err
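Review bot: The new call `sanitizePath(os.Args[2])` still indexes os.Args without a length check, so running the tool with fewer than two arguments panics with an index-out-of-range trace instead of the clear fatal message the commit otherwise aims for. A guard before the call, `if len(os.Args) < 3 { log.Fatalf("usage: %s <src-dir> <json-file>", os.Args[0]) }`, keeps the failure mode consistent with the `log.Fatalf` calls that follow (the argument names are a guess; the hunk does not show what os.Args[1] is used for). The body of main continues past the end of this hunk.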
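Review bot: In sanitizePath the comment `// Resolve any symlinks and clean the path` is not what the code does: filepath.Clean is purely lexical and filepath.Abs already returns a cleaned path, so the Clean call is a no-op and a symlink placed under /venus/inline-gen/ that points elsewhere passes the HasPrefix check unchanged. If the boundary is meant to hold against symlinks, resolve with filepath.EvalSymlinks before comparing, and resolve allowedDir the same way so a linked parent directory does not cause spurious rejections; EvalSymlinks also fails for a nonexistent file, which os.ReadFile would have reported anyway. The hard-coded absolute allowedDir presumably matches a container or CI layout, but it makes the tool unusable from a checkout elsewhere and on Windows, so it is worth a comment or a flag; the hunk also does not show the import block, so `fmt`, `path/filepath` and `strings` need to be imported for this to compile.
```go
func sanitizePath(p string) (string, error) {
	absPath, err := filepath.Abs(p)
	if err != nil {
		return "", err
	}
	// Abs already cleans; EvalSymlinks follows links so the boundary check
	// applies to the real file rather than to a link that points outside.
	realPath, err := filepath.EvalSymlinks(absPath)
	if err != nil {
		return "", err
	}
	allowedDir := "/venus/inline-gen/"
	if !strings.HasPrefix(realPath, allowedDir) {
		return "", fmt.Errorf("attempted path traversal outside of allowed directory")
	}
	return realPath, nil
}
```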