Robby
|
4686606c66
|
security(core): fix path validation bypasses in archive, transcript, and memory
- Replace vulnerable startsWith() checks with path.relative() validation
- Add isPathWithinBase() helper for consistent path validation
- Add path filter to tar extraction to prevent directory escape
- Validate sessionFile parameter in transcript resolution
- Add non-root 'sandbox' user to Docker sandbox (UID 1000)
Security impact:
- Prevents path traversal in archive extraction (zip and tar)
- Prevents arbitrary file write via transcript path injection
- Prevents workspace escape in memory manager
- Reduces privilege in Docker sandbox
Fixes #3277
[AI-assisted]
|
2026-01-28 10:44:01 +00:00 |
|