- Replace vulnerable startsWith() checks with path.relative() validation - Add isPathWithinBase() helper for consistent path validation - Add path filter to tar extraction to prevent directory escape - Validate sessionFile parameter in transcript resolution - Add non-root 'sandbox' user to Docker sandbox (UID 1000) Security impact: - Prevents path traversal in archive extraction (zip and tar) - Prevents arbitrary file write via transcript path injection - Prevents workspace escape in memory manager - Reduces privilege in Docker sandbox Fixes #3277 [AI-assisted]
21 lines
365 B
Docker
21 lines
365 B
Docker
FROM debian:bookworm-slim
|
|
|
|
ENV DEBIAN_FRONTEND=noninteractive
|
|
|
|
RUN apt-get update \
|
|
&& apt-get install -y --no-install-recommends \
|
|
bash \
|
|
ca-certificates \
|
|
curl \
|
|
git \
|
|
jq \
|
|
python3 \
|
|
ripgrep \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
RUN useradd -m -s /bin/bash -u 1000 sandbox
|
|
USER sandbox
|
|
WORKDIR /home/sandbox
|
|
|
|
CMD ["sleep", "infinity"]
|