Commit Graph

2 Commits

Author SHA1 Message Date
Robby
4686606c66 security(core): fix path validation bypasses in archive, transcript, and memory
- Replace vulnerable startsWith() checks with path.relative() validation
- Add isPathWithinBase() helper for consistent path validation
- Add path filter to tar extraction to prevent directory escape
- Validate sessionFile parameter in transcript resolution
- Add non-root 'sandbox' user to Docker sandbox (UID 1000)

Security impact:
- Prevents path traversal in archive extraction (zip and tar)
- Prevents arbitrary file write via transcript path injection
- Prevents workspace escape in memory manager
- Reduces privilege in Docker sandbox

Fixes #3277
[AI-assisted]
2026-01-28 10:44:01 +00:00
Peter Steinberger
3b075dff8a feat: add per-session agent sandbox 2026-01-03 21:41:58 +01:00